Handle compression methods correctly with SSLv2 compat ClientHello
[openssl.git] / ssl / statem / statem_srvr.c
index 9911e3ccde0808ace0285b103a6296c726dd8358..c7841ac48efdb841383386c9537d5827b6dfba23 100644 (file)
@@ -1039,10 +1039,7 @@ MSG_PROCESS_RETURN tls_process_client_hello(SSL *s, PACKET *pkt)
             goto f_err;
         }
 
-        if (!PACKET_get_length_prefixed_1(pkt, &compression)
-                || !PACKET_copy_all(&compression, clienthello.compressions,
-                               MAX_COMPRESSIONS_SIZE,
-                               &clienthello.compressions_len)) {
+        if (!PACKET_get_length_prefixed_1(pkt, &compression)) {
             al = SSL_AD_DECODE_ERROR;
             SSLerr(SSL_F_TLS_PROCESS_CLIENT_HELLO, SSL_R_LENGTH_MISMATCH);
             goto f_err;
@@ -1060,9 +1057,11 @@ MSG_PROCESS_RETURN tls_process_client_hello(SSL *s, PACKET *pkt)
         }
     }
 
-    if (!PACKET_copy_all(&session_id, clienthello.session_id,
-                         SSL_MAX_SSL_SESSION_ID_LENGTH,
-                         &clienthello.session_id_len)) {
+    if (!PACKET_copy_all(&compression, clienthello.compressions,
+                         MAX_COMPRESSIONS_SIZE, &clienthello.compressions_len)
+            || !PACKET_copy_all(&session_id, clienthello.session_id,
+                                SSL_MAX_SSL_SESSION_ID_LENGTH,
+                                &clienthello.session_id_len)) {
         al = SSL_AD_DECODE_ERROR;
         SSLerr(SSL_F_TLS_PROCESS_CLIENT_HELLO, SSL_R_LENGTH_MISMATCH);
         goto f_err;