Fixed copy and paste error

Accidental additional assignment in ssl_write_alpn_ext()
This commit is contained in:
Simon Butcher 2015-09-29 00:31:09 +01:00
parent 0fc94e9f83
commit 04799a4274
2 changed files with 12 additions and 2 deletions

View file

@ -1,6 +1,16 @@
mbed TLS ChangeLog (Sorted per branch, date) mbed TLS ChangeLog (Sorted per branch, date)
= mbed TLS 2.1.1 released 2015-09-17 = mbed TLS 2.1.2 released 2015-10-xx
Security
* Added fix for CVE-2015-xxxxx to prevent heap corruption due to buffer
overflow of the hostname or session ticket.
Changes
* Added checking of hostname length in mbedtls_ssl_set_hostname() to ensure
domain names are compliant with RFC 1035.
= mbe TLS 2.1.1 released 2015-09-17
Security Security
* Add countermeasure against Lenstra's RSA-CRT attack for PKCS#1 v1.5 * Add countermeasure against Lenstra's RSA-CRT attack for PKCS#1 v1.5

View file

@ -535,7 +535,7 @@ static void ssl_write_alpn_ext( mbedtls_ssl_context *ssl,
MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding alpn extension" ) ); MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding alpn extension" ) );
for( cur = ssl->conf->alpn_list; *cur != NULL; cur++ ) for( cur = ssl->conf->alpn_list; *cur != NULL; cur++ )
alpnlen += *p = (unsigned char)( strlen( *cur ) & 0xFF ); alpnlen += (unsigned char)( strlen( *cur ) & 0xFF ) + 1;
if( end < p || (size_t)( end - p ) < 6 + alpnlen ) if( end < p || (size_t)( end - p ) < 6 + alpnlen )
{ {