From 2be3d6ebc8cb5ee14f7a9792cd67491a5132cace Mon Sep 17 00:00:00 2001
From: "Dr. Stephen Henson" <steve@openssl.org>
Date: Fri, 1 Jan 2010 14:39:37 +0000
Subject: [PATCH] Client side compression algorithm sanity checks: ensure old
 compression algorithm matches current and give error if compression is
 disabled and server requests it (shouldn't happen unless server is broken).

---
 ssl/s3_clnt.c | 23 ++++++++++++++++++++++-
 ssl/s3_srvr.c |  2 +-
 ssl/ssl.h     |  2 ++
 ssl/ssl_err.c |  2 ++
 4 files changed, 27 insertions(+), 2 deletions(-)

diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c
index 3d40ba41fa..af30d1af14 100644
--- a/ssl/s3_clnt.c
+++ b/ssl/s3_clnt.c
@@ -891,10 +891,31 @@ int ssl3_get_server_hello(SSL *s)
 		SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM);
 		goto f_err;
 		}
+	/* If compression is disabled we'd better not try to resume a session
+	 * using compression.
+	 */
+	if (s->session->compress_meth != 0)
+		{
+		al=SSL_AD_INTERNAL_ERROR;
+		SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_INCONSISTENT_COMPRESSION);
+		goto f_err;
+		}
 #else
 	j= *(p++);
-	if ((j == 0) || (s->options & SSL_OP_NO_COMPRESSION))
+	if (s->hit && j != (int)s->session->compress_meth)
+		{
+		al=SSL_AD_ILLEGAL_PARAMETER;
+		SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_OLD_SESSION_COMPRESSION_ALGORITHM_NOT_RETURNED);
+		goto f_err;
+		}
+	if (j == 0)
 		comp=NULL;
+	else if (s->options & SSL_OP_NO_COMPRESSION)
+		{
+		al=SSL_AD_ILLEGAL_PARAMETER;
+		SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_COMPRESSION_DISABLED);
+		goto f_err;
+		}
 	else
 		comp=ssl3_comp_find(s->ctx->comp_methods,j);
 	
diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c
index fadf638cc9..8c8c1486ee 100644
--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c
@@ -1159,7 +1159,7 @@ int ssl3_get_client_hello(SSL *s)
 	/* If compression is disabled we'd better not try to resume a session
 	 * using compression.
 	 */
-	if (s->session->compress_id != 0)
+	if (s->session->compress_meth != 0)
 		{
 		al=SSL_AD_INTERNAL_ERROR;
 		SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_INCONSISTENT_COMPRESSION);
diff --git a/ssl/ssl.h b/ssl/ssl.h
index d6c254e48e..3b725eabf6 100644
--- a/ssl/ssl.h
+++ b/ssl/ssl.h
@@ -2077,6 +2077,7 @@ void ERR_load_SSL_strings(void);
 #define SSL_R_CIPHER_TABLE_SRC_ERROR			 139
 #define SSL_R_CLIENTHELLO_TLSEXT			 226
 #define SSL_R_COMPRESSED_LENGTH_TOO_LONG		 140
+#define SSL_R_COMPRESSION_DISABLED			 343
 #define SSL_R_COMPRESSION_FAILURE			 141
 #define SSL_R_COMPRESSION_ID_NOT_WITHIN_PRIVATE_RANGE	 307
 #define SSL_R_COMPRESSION_LIBRARY_ERROR			 142
@@ -2171,6 +2172,7 @@ void ERR_load_SSL_strings(void);
 #define SSL_R_NULL_SSL_CTX				 195
 #define SSL_R_NULL_SSL_METHOD_PASSED			 196
 #define SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED		 197
+#define SSL_R_OLD_SESSION_COMPRESSION_ALGORITHM_NOT_RETURNED 344
 #define SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE		 297
 #define SSL_R_OPAQUE_PRF_INPUT_TOO_LONG			 327
 #define SSL_R_PACKET_LENGTH_TOO_LONG			 198
diff --git a/ssl/ssl_err.c b/ssl/ssl_err.c
index 44f2f6bbc3..2bd86316ca 100644
--- a/ssl/ssl_err.c
+++ b/ssl/ssl_err.c
@@ -329,6 +329,7 @@ static ERR_STRING_DATA SSL_str_reasons[]=
 {ERR_REASON(SSL_R_CIPHER_TABLE_SRC_ERROR),"cipher table src error"},
 {ERR_REASON(SSL_R_CLIENTHELLO_TLSEXT)    ,"clienthello tlsext"},
 {ERR_REASON(SSL_R_COMPRESSED_LENGTH_TOO_LONG),"compressed length too long"},
+{ERR_REASON(SSL_R_COMPRESSION_DISABLED)  ,"compression disabled"},
 {ERR_REASON(SSL_R_COMPRESSION_FAILURE)   ,"compression failure"},
 {ERR_REASON(SSL_R_COMPRESSION_ID_NOT_WITHIN_PRIVATE_RANGE),"compression id not within private range"},
 {ERR_REASON(SSL_R_COMPRESSION_LIBRARY_ERROR),"compression library error"},
@@ -423,6 +424,7 @@ static ERR_STRING_DATA SSL_str_reasons[]=
 {ERR_REASON(SSL_R_NULL_SSL_CTX)          ,"null ssl ctx"},
 {ERR_REASON(SSL_R_NULL_SSL_METHOD_PASSED),"null ssl method passed"},
 {ERR_REASON(SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED),"old session cipher not returned"},
+{ERR_REASON(SSL_R_OLD_SESSION_COMPRESSION_ALGORITHM_NOT_RETURNED),"old session compression algorithm not returned"},
 {ERR_REASON(SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE),"only tls allowed in fips mode"},
 {ERR_REASON(SSL_R_OPAQUE_PRF_INPUT_TOO_LONG),"opaque PRF input too long"},
 {ERR_REASON(SSL_R_PACKET_LENGTH_TOO_LONG),"packet length too long"},
-- 
2.25.1