From 274a12e17c7e0f173e997450a4e8125b11e8be85 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 20 Feb 2014 21:32:08 +0100 Subject: [PATCH] Fix bug with ssl_cache and max_entries=0 --- ChangeLog | 2 ++ include/polarssl/ssl_cache.h | 2 +- library/ssl_cache.c | 11 ++++++++++- 3 files changed, 13 insertions(+), 2 deletions(-) diff --git a/ChangeLog b/ChangeLog index a2505aaf3..5d48ef84f 100644 --- a/ChangeLog +++ b/ChangeLog @@ -33,6 +33,8 @@ Bugfix * Programs rsa_sign_pss and rsa_verify_pss were not using PSS since 1.3.0 * Bignum's MIPS-32 assembly was used on MIPS-64, causing chaos. (Found by Alex Wilson.) + * Fixed bug in ssl_cache: when max_entries = 0 and TIMING_C is enabled, + entries would still be created. = PolarSSL 1.3.4 released on 2014-01-27 Features diff --git a/include/polarssl/ssl_cache.h b/include/polarssl/ssl_cache.h index daa07acb6..16144fee8 100644 --- a/include/polarssl/ssl_cache.h +++ b/include/polarssl/ssl_cache.h @@ -106,7 +106,7 @@ int ssl_cache_set( void *data, const ssl_session *session ); * A timeout of 0 indicates no timeout. * * \param cache SSL cache context - * \param timeout cache entry timeout + * \param timeout cache entry timeout in seconds */ void ssl_cache_set_timeout( ssl_cache_context *cache, int timeout ); #endif /* POLARSSL_HAVE_TIME */ diff --git a/library/ssl_cache.c b/library/ssl_cache.c index 6fff54b32..d94a7d9f4 100644 --- a/library/ssl_cache.c +++ b/library/ssl_cache.c @@ -186,8 +186,14 @@ int ssl_cache_set( void *data, const ssl_session *session ) /* * Reuse oldest entry if max_entries reached */ - if( old != NULL && count >= cache->max_entries ) + if( count >= cache->max_entries ) { + if( old == NULL ) + { + ret = 1; + goto exit; + } + cur = old; memset( &cur->session, 0, sizeof(ssl_session) ); #if defined(POLARSSL_X509_CRT_PARSE_C) 
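Review bot: The early exit added under `if( old == NULL )` in ssl_cache_set carries no comment saying when `old` can still be NULL here, and the block comment above it still reads only "Reuse oldest entry if max_entries reached". Going by the ChangeLog entry this is the max_entries = 0 case, where nothing can be evicted and the session must not be stored, so a comment such as `/* No entry to reuse (max_entries == 0): do not store the session */` would make that explicit. The function, the loop that sets `old` and `count`, and the `exit` label all lie outside the hunk, so this reading is inferred from the visible lines only. The commit edits ssl_cache.h only for the timeout unit; if the header does not already say that a max_entries of 0 disables storing and makes ssl_cache_set return 1, that is worth adding. The diffstat also shows no test for the max_entries = 0 path.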
@@ -228,6 +234,9 @@ int ssl_cache_set( void *data, const ssl_session *session )
 #endif /* POLARSSL_HAVE_TIME */
 else
 {
+ /*
+ * max_entries not reached, create new entry
+ */
 cur = (ssl_cache_entry *) polarssl_malloc( sizeof(ssl_cache_entry) );
 if( cur == NULL )
 {