Handle compression methods correctly with SSLv2 compat ClientHello
authorMatt Caswell <matt@openssl.org>
Mon, 31 Oct 2016 12:47:20 +0000 (12:47 +0000)
committerMatt Caswell <matt@openssl.org>
Wed, 9 Nov 2016 09:10:29 +0000 (09:10 +0000)
In the case of an SSLv2 compat ClientHello we weren't setting up the
compression methods correctly, which could lead to uninitialised reads or crashes.

Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
ssl/statem/statem_srvr.c

index 9911e3ccde0808ace0285b103a6296c726dd8358..c7841ac48efdb841383386c9537d5827b6dfba23 100644 (file)
@@ -1039,10 +1039,7 @@ MSG_PROCESS_RETURN tls_process_client_hello(SSL *s, PACKET *pkt)
             goto f_err;
         }
 
-        if (!PACKET_get_length_prefixed_1(pkt, &compression)
-                || !PACKET_copy_all(&compression, clienthello.compressions,
-                               MAX_COMPRESSIONS_SIZE,
-                               &clienthello.compressions_len)) {
+        if (!PACKET_get_length_prefixed_1(pkt, &compression)) {
             al = SSL_AD_DECODE_ERROR;
             SSLerr(SSL_F_TLS_PROCESS_CLIENT_HELLO, SSL_R_LENGTH_MISMATCH);
             goto f_err;
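Review bot: The remaining check in this hunk only validates that the one-byte length prefix can be read; a length byte of 0 yields an empty `compression` sub-PACKET that passes here and is copied later with `compressions_len == 0`. Whether a ClientHello offering no compression methods is rejected further down is not visible in this hunk, so it is worth confirming that check still exists after the copy was moved. The enclosing if/else branch of tls_process_client_hello begins and ends outside the hunk.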
@@ -1060,9 +1057,11 @@ MSG_PROCESS_RETURN tls_process_client_hello(SSL *s, PACKET *pkt)
         }
     }
 
-    if (!PACKET_copy_all(&session_id, clienthello.session_id,
-                         SSL_MAX_SSL_SESSION_ID_LENGTH,
-                         &clienthello.session_id_len)) {
+    if (!PACKET_copy_all(&compression, clienthello.compressions,
+                         MAX_COMPRESSIONS_SIZE, &clienthello.compressions_len)
+            || !PACKET_copy_all(&session_id, clienthello.session_id,
+                                SSL_MAX_SSL_SESSION_ID_LENGTH,
+                                &clienthello.session_id_len)) {
         al = SSL_AD_DECODE_ERROR;
         SSLerr(SSL_F_TLS_PROCESS_CLIENT_HELLO, SSL_R_LENGTH_MISMATCH);
         goto f_err;
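Review bot: The `PACKET_copy_all(&compression, ...)` at the top of this hunk now runs on the common path, so every route through the if/else above (outside the hunk) must leave the `compression` PACKET initialised before it is reached; an uninitialised PACKET here would reproduce exactly the uninit read this commit sets out to fix, and nothing in the hunk enforces that. A one-line invariant comment above the `if` would protect the next edit, e.g. `/* 'compression' must be initialised by both the TLS and SSLv2-compat branches above */`. The diffstat lists only ssl/statem/statem_srvr.c, so no regression test exercising an SSLv2-compat ClientHello with a compression list appears to ship with the fix; one in the ssl test suite would guard this path. tls_process_client_hello continues beyond the end of the hunk.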