Fix a bug in the construction of the ClienHello SRTP extension

author Matt Caswell <matt@openssl.org>

Wed, 28 Sep 2016 12:33:41 +0000 (13:33 +0100)

committer Matt Caswell <matt@openssl.org>

Thu, 29 Sep 2016 09:06:46 +0000 (10:06 +0100)
author Matt Caswell <matt@openssl.org>
Wed, 28 Sep 2016 12:33:41 +0000 (13:33 +0100)
committer Matt Caswell <matt@openssl.org>
Thu, 29 Sep 2016 09:06:46 +0000 (10:06 +0100)
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c

index 501bf24fb16db311f93f7efe1c7ee4b6ad772285..230fe66da4d209a620cbfd38b795f21a56e3a0d9 100644 (file)
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -1302,7 +1302,7 @@ int ssl_add_clienthello_tlsext(SSL *s, WPACKET *pkt, int *al)
      }
  #ifndef OPENSSL_NO_SRTP
      if (SSL_IS_DTLS(s) && SSL_get_srtp_profiles(s)) {
-        STACK_OF(SRTP_PROTECTION_PROFILE) *clnt = 0;
+        STACK_OF(SRTP_PROTECTION_PROFILE) *clnt = SSL_get_srtp_profiles(s);
          SRTP_PROTECTION_PROFILE *prof;
          int i, ct;
  
@@ -1322,7 +1322,10 @@ int ssl_add_clienthello_tlsext(SSL *s, WPACKET *pkt, int *al)
                  return 0;
              }
          }
-        if (!WPACKET_close(pkt) || !WPACKET_close(pkt)) {
+        if (!WPACKET_close(pkt)
+                   /* Add an empty use_mki value */
+                || !WPACKET_put_bytes_u8(pkt, 0)
+                || !WPACKET_close(pkt)) {
              SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT, ERR_R_INTERNAL_ERROR);
              return 0;
          }
author	Matt Caswell <matt@openssl.org>
	Wed, 28 Sep 2016 12:33:41 +0000 (13:33 +0100)
committer	Matt Caswell <matt@openssl.org>
	Thu, 29 Sep 2016 09:06:46 +0000 (10:06 +0100)