From 0fc4f1a60312cd1f1e24af748d324221610229c3 Mon Sep 17 00:00:00 2001
From: Todd Short <tshort@akamai.com>
Date: Mon, 18 Oct 2021 16:54:31 -0400
Subject: QUIC: Error when non-empty session_id in CH (fixes #29)

---
 ssl/statem/statem_srvr.c | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c
index b21e519041..a6980c32a8 100644
--- a/ssl/statem/statem_srvr.c
+++ b/ssl/statem/statem_srvr.c
@@ -1596,6 +1596,16 @@ MSG_PROCESS_RETURN tls_process_client_hello(SSL *s, PACKET *pkt)
                 goto err;
             }
         }
+#ifndef OPENSSL_NO_QUIC
+        if (SSL_IS_QUIC(s)) {
+            /* Any other QUIC checks on ClientHello here */
+            if (clienthello->session_id_len > 0) {
+                SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_TLS_PROCESS_CLIENT_HELLO,
+                         SSL_R_LENGTH_MISMATCH);
+                goto err;
+            }
+        }
+#endif
     }
 
     if (!PACKET_copy_all(&compression, clienthello->compressions,
-- 
2.35.3