make RSA blinding thread-safe

[openssl.git] / ssl / s2_clnt.c

diff --git a/ssl/s2_clnt.c b/ssl/s2_clnt.c
index 0bc04d284e83060164cc2a429ca23d686761c20b..1d24dedc918b261552f0b9376079dbd124fa2c43 100644 (file)
--- a/ssl/s2_clnt.c
+++ b/ssl/s2_clnt.c
@@ -1014,14 +1014,14 @@ static int get_server_finished(SSL *s)
                 * or bad things can happen */
                /* ZZZZZZZZZZZZZ */
                s->session->session_id_length=SSL2_SSL_SESSION_ID_LENGTH;
-               memcpy(s->session->session_id,p,SSL2_SSL_SESSION_ID_LENGTH);
+               memcpy(s->session->session_id,p+1,SSL2_SSL_SESSION_ID_LENGTH);
                }
        else
                {
                if (!(s->options & SSL_OP_MICROSOFT_SESS_ID_BUG))
                        {
                        if ((s->session->session_id_length > sizeof s->session->session_id)
-                           || (0 != memcmp(buf, s->session->session_id,
+                           || (0 != memcmp(buf + 1, s->session->session_id,
                                            (unsigned int)s->session->session_id_length)))
                                {
                                ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);