authorDaniel Stenberg <daniel@haxx.se>2016-02-09 23:37:14 +0100
committerDaniel Stenberg <daniel@haxx.se>2016-02-09 23:37:14 +0100
commit716302c2cd59f96ecd96f949db92576d204cabae (patch)
tree497f9a4953146251e24a0db1bb121b99aadd71e4
parent50cd9c8aa1fbd227ce38c009a82cbe5fb82e0a51 (diff)
mbedtls: fix ALPN usage segfault
Since we didn't keep the input argument around after having called mbedtls, it could end up accessing the wrong memory when figuring out the ALPN protocols. Closes #642
-rw-r--r--lib/urldata.h3
-rw-r--r--lib/vtls/mbedtls.c10
2 files changed, 8 insertions, 5 deletions
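--- a/lib/urldata.h
+++ b/lib/urldata.h
@@ -7,7 +7,7 @@
 * | (__| |_| | _ <| |___
 * \___|\___/|_| \_\_____|
 *
- * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2016, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
@@ -297,6 +297,7 @@ struct ssl_connect_data {
 mbedtls_x509_crl crl;
 mbedtls_pk_context pk;
 mbedtls_ssl_config config;
+ const char *protocols[3];
 #elif defined(USE_POLARSSL)
 ctr_drbg_context ctr_drbg;
 entropy_context entropy;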
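Review bot: The new `protocols[3]` member carries no comment saying why it lives in the per-connection state or where the bound of 3 comes from, and the only thing keeping the writer in lib/vtls/mbedtls.c inside that bound is the reader remembering it. I would document it at the declaration: `/* ALPN list handed to mbedtls_ssl_conf_alpn_protocols(); mbedtls keeps a pointer to it rather than copying it, so it must outlive config. Room for NGHTTP2_PROTO_VERSION_ID, ALPN_HTTP_1_1 and the NULL terminator. */`. struct ssl_connect_data starts and ends outside the hunk.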
diff --git a/lib/vtls/mbedtls.c b/lib/vtls/mbedtls.c
index cc71f59d9..cf8996786 100644
--- a/lib/vtls/mbedtls.c
+++ b/lib/vtls/mbedtls.c
@@ -384,19 +384,21 @@ mbedtls_connect_step1(struct connectdata *conn,
#ifdef HAS_ALPN
if(data->set.ssl_enable_alpn) {
- const char *protocols[3];
- const char **p = protocols;
+ const char **p = &connssl->protocols[0];
#ifdef USE_NGHTTP2
if(data->set.httpversion >= CURL_HTTP_VERSION_2)
*p++ = NGHTTP2_PROTO_VERSION_ID;
#endif
*p++ = ALPN_HTTP_1_1;
*p = NULL;
- if(mbedtls_ssl_conf_alpn_protocols(&connssl->config, protocols)) {
+ /* this function doesn't clone the protocols array, which is why we need
+ to keep it around */
+ if(mbedtls_ssl_conf_alpn_protocols(&connssl->config,
+ &connssl->protocols[0])) {
failf(data, "Failed setting ALPN protocols");
return CURLE_SSL_CONNECT_ERROR;
}
- for(p = protocols; *p; ++p)
+ for(p = &connssl->protocols[0]; *p; ++p)
infof(data, "ALPN, offering %s\n", *p);
}
#endif
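Review bot: Nothing in the hunk ties the number of entries written through `p` (at most NGHTTP2_PROTO_VERSION_ID, ALPN_HTTP_1_1 and the NULL terminator) to the size of `connssl->protocols`, which is declared with a literal 3 in lib/urldata.h, so adding another ALPN id here would overrun the array with no diagnostic. A sizing comment next to the first `*p++`, such as `/* at most 3 entries: must fit connssl->protocols[] in urldata.h */`, or a compile-time assertion on the array size where the build allows one, would keep the two files in step. The comment added above the mbedtls_ssl_conf_alpn_protocols() call could also name the lifetime requirement rather than just "keep it around", e.g. `/* mbedtls stores the pointer to this array instead of copying it, so it must live as long as connssl->config (presumably the whole connection) */`. mbedtls_connect_step1 starts and ends outside the hunk.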