Fixed copy and paste error

Accidental additional assignment in ssl_write_alpn_ext()
2024-10-18 10:11:04 +00:00 · 2015-09-29 00:31:09 +01:00 · 2015-09-29 00:31:09 +01:00 · 04799a4274
parent 0fc94e9f83
commit 04799a4274
2 changed files with 12 additions and 2 deletions
--- a/12
+++ b/12
@ -1,6 +1,16 @@
 mbed TLS ChangeLog (Sorted per branch, date)

-= mbed TLS 2.1.1 released 2015-09-17
+= mbed TLS 2.1.2 released 2015-10-xx
+
+Security
+   * Added fix for CVE-2015-xxxxx to prevent heap corruption due to buffer
+     overflow of the hostname or session ticket.
+
+Changes
+   * Added checking of hostname length in mbedtls_ssl_set_hostname() to ensure
+     domain names are compliant with RFC 1035.
+
+= mbe TLS 2.1.1 released 2015-09-17

 Security
   * Add countermeasure against Lenstra's RSA-CRT attack for PKCS#1 v1.5
--- a/library/ssl_cli.c
+++ b/library/ssl_cli.c
@ -535,7 +535,7 @@ static void ssl_write_alpn_ext( mbedtls_ssl_context *ssl,
    MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding alpn extension" ) );

    for( cur = ssl->conf->alpn_list; *cur != NULL; cur++ )
-        alpnlen +=   *p = (unsigned char)( strlen( *cur ) & 0xFF );
+        alpnlen += (unsigned char)( strlen( *cur ) & 0xFF ) + 1;

    if( end < p || (size_t)( end - p ) < 6 + alpnlen )
    {