Fix a bug in the construction of the ClienHello SRTP extension Reviewed-by: Rich Salz <rsalz@openssl.org>

commit: 7facdbd66f19f4a87cf2a5a335568c879772d92f [log] [tgz]
author: Matt Caswell <matt@openssl.org> Wed Sep 28 13:33:41 2016 +0100
committer: Matt Caswell <matt@openssl.org> Thu Sep 29 10:06:46 2016 +0100
tree: 95a0577c1265b97cf64109498add6a1f07d7fa66
parent: 7507e73d409b8f3046d6efcc3f4c0b6208b59b64 [diff] [blame]
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index 501bf24..230fe66 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c

@@ -1302,7 +1302,7 @@
     }
 #ifndef OPENSSL_NO_SRTP
     if (SSL_IS_DTLS(s) && SSL_get_srtp_profiles(s)) {
-        STACK_OF(SRTP_PROTECTION_PROFILE) *clnt = 0;
+        STACK_OF(SRTP_PROTECTION_PROFILE) *clnt = SSL_get_srtp_profiles(s);
         SRTP_PROTECTION_PROFILE *prof;
         int i, ct;
 
@@ -1322,7 +1322,10 @@
                 return 0;
             }
         }
-        if (!WPACKET_close(pkt) || !WPACKET_close(pkt)) {
+        if (!WPACKET_close(pkt)
+                   /* Add an empty use_mki value */
+                || !WPACKET_put_bytes_u8(pkt, 0)
+                || !WPACKET_close(pkt)) {
             SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT, ERR_R_INTERNAL_ERROR);
             return 0;
         }
commit	7facdbd66f19f4a87cf2a5a335568c879772d92f	[log] [tgz]
author	Matt Caswell <matt@openssl.org>	Wed Sep 28 13:33:41 2016 +0100
committer	Matt Caswell <matt@openssl.org>	Thu Sep 29 10:06:46 2016 +0100
tree	95a0577c1265b97cf64109498add6a1f07d7fa66
parent	7507e73d409b8f3046d6efcc3f4c0b6208b59b64 [diff] [blame]