mbedtls: fix ALPN usage segfault (716302c2) · Commits · CYBER - Cyber Security / TS 103 523 MSP / TLMSP / TLMSP curl

lib/urldata.h

+2 −1

Original line number	Diff line number	Diff line
		@@ -7,7 +7,7 @@
		* \| (__\| \|_\| \| _ <\| \|___
		* \___\|\___/\|_\| \_\_____\|
		*
		* Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
		* Copyright (C) 1998 - 2016, Daniel Stenberg, <daniel@haxx.se>, et al.
		*
		* This software is licensed as described in the file COPYING, which
		* you should have received as part of this distribution. The terms
		@@ -297,6 +297,7 @@ struct ssl_connect_data {
		mbedtls_x509_crl crl;
		mbedtls_pk_context pk;
		mbedtls_ssl_config config;
		const char *protocols[3];
		#elif defined(USE_POLARSSL)
		ctr_drbg_context ctr_drbg;
		entropy_context entropy;

+6 −4

Original line number	Diff line number	Diff line
		@@ -384,19 +384,21 @@ mbedtls_connect_step1(struct connectdata *conn,

		#ifdef HAS_ALPN
		if(data->set.ssl_enable_alpn) {
		const char *protocols[3];
		const char **p = protocols;
		const char **p = &connssl->protocols[0];
		#ifdef USE_NGHTTP2
		if(data->set.httpversion >= CURL_HTTP_VERSION_2)
		*p++ = NGHTTP2_PROTO_VERSION_ID;
		#endif
		*p++ = ALPN_HTTP_1_1;
		*p = NULL;
		if(mbedtls_ssl_conf_alpn_protocols(&connssl->config, protocols)) {
		/* this function doesn't clone the protocols array, which is why we need
		to keep it around */
		if(mbedtls_ssl_conf_alpn_protocols(&connssl->config,
		&connssl->protocols[0])) {
		failf(data, "Failed setting ALPN protocols");
		return CURLE_SSL_CONNECT_ERROR;
		}
		for(p = protocols; *p; ++p)
		for(p = &connssl->protocols[0]; *p; ++p)
		infof(data, "ALPN, offering %s\n", *p);
		}
		#endif