# HG changeset patch
# User Ruslan Ermilov <ru@nginx.com>
# Date 1537873679 -10800
# Node ID cd4fa2fab8d8f1a2d03841249230bed76d318502
# Parent  5fa22beeaf11cf41ff44c4259d4afc9bc8a8056e
SSL: fixed unlocked access to sess_id->len.

diff --git a/src/event/ngx_event_openssl.c b/src/event/ngx_event_openssl.c
--- a/src/event/ngx_event_openssl.c
+++ b/src/event/ngx_event_openssl.c
@@ -3146,6 +3146,7 @@ ngx_ssl_get_cached_session(ngx_ssl_conn_
     const
 #endif
     u_char                   *p;
+    size_t                    slen;
     uint32_t                  hash;
     ngx_int_t                 rc;
     ngx_shm_zone_t           *shm_zone;
@@ -3201,12 +3202,14 @@ ngx_ssl_get_cached_session(ngx_ssl_conn_
         if (rc == 0) {
 
             if (sess_id->expire > ngx_time()) {
-                ngx_memcpy(buf, sess_id->session, sess_id->len);
+                slen = sess_id->len;
+
+                ngx_memcpy(buf, sess_id->session, slen);
 
                 ngx_shmtx_unlock(&shpool->mutex);
 
                 p = buf;
-                sess = d2i_SSL_SESSION(NULL, &p, sess_id->len);
+                sess = d2i_SSL_SESSION(NULL, &p, slen);
 
                 return sess;
             }