From cc1e752167adba315e0186eb3505dc225e4daee1 Mon Sep 17 00:00:00 2001
From: William Robinet <william.robinet@conostix.com>
Date: Wed, 27 Jan 2021 18:37:29 +0100
Subject: [PATCH] Avoid client session_id related leak

---
 ssl/ssldecode.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/ssl/ssldecode.c b/ssl/ssldecode.c
index 9a4edde..b44128d 100644
--- a/ssl/ssldecode.c
+++ b/ssl/ssldecode.c
@@ -298,9 +298,11 @@ int ssl_set_client_session_id(d,msg,len)
 #ifdef OPENSSL    
     int r;
 
-    if(len>0)
+    if(len>0) {
+        r_data_destroy(&d->session_id);
         if((r=r_data_create(&d->session_id,msg,len)))
             ERETURN(r);
+    }
 #endif
     return(0);
   }