Handle compression methods correctly with SSLv2 compat ClientHello

In the case of an SSLv2 compat ClientHello we weren't setting up the compression methods correctly, which could lead to uninit reads or crashes. Reviewed-by: N Kurt Roeckx <kurt@openssl.org> Reviewed-by: N Rich Salz <rsalz@openssl.org>

Handle compression methods correctly with SSLv2 compat ClientHello
In the case of an SSLv2 compat ClientHello we weren't setting up the compression methods correctly, which could lead to uninit reads or crashes. Reviewed-by: N Kurt Roeckx <kurt@openssl.org> Reviewed-by: N Rich Salz <rsalz@openssl.org>
4bfe1432 · Matt Caswell · 1ab3836b · 4bfe1432
隐藏空白更改
内联并排

Showing with 6 addition and 7 deletion

ssl/statem/statem_srvr.c ssl/statem/statem_srvr.c +6 -7

未找到文件。
--- a/ssl/statem/statem_srvr.c
+++ b/ssl/statem/statem_srvr.c
@@ -1039,10 +1039,7 @@ MSG_PROCESS_RETURN tls_process_client_hello(SSL *s, PACKET *pkt)
            goto f_err;
        }

-        if (!PACKET_get_length_prefixed_1(pkt, &compression)
-                || !PACKET_copy_all(&compression, clienthello.compressions,
-                               MAX_COMPRESSIONS_SIZE,
-                               &clienthello.compressions_len)) {
+        if (!PACKET_get_length_prefixed_1(pkt, &compression)) {
            al = SSL_AD_DECODE_ERROR;
            SSLerr(SSL_F_TLS_PROCESS_CLIENT_HELLO, SSL_R_LENGTH_MISMATCH);
            goto f_err;
@@ -1060,9 +1057,11 @@ MSG_PROCESS_RETURN tls_process_client_hello(SSL *s, PACKET *pkt)
        }
    }

-    if (!PACKET_copy_all(&session_id, clienthello.session_id,
-                         SSL_MAX_SSL_SESSION_ID_LENGTH,
-                         &clienthello.session_id_len)) {
+    if (!PACKET_copy_all(&compression, clienthello.compressions,
+                         MAX_COMPRESSIONS_SIZE, &clienthello.compressions_len)
+            || !PACKET_copy_all(&session_id, clienthello.session_id,
+                                SSL_MAX_SSL_SESSION_ID_LENGTH,
+                                &clienthello.session_id_len)) {
        al = SSL_AD_DECODE_ERROR;
        SSLerr(SSL_F_TLS_PROCESS_CLIENT_HELLO, SSL_R_LENGTH_MISMATCH);
        goto f_err;