Fix stack use-after-free in QUIC

[openssl.git] / ssl / quic / quic_tserver.c

diff --git a/ssl/quic/quic_tserver.c b/ssl/quic/quic_tserver.c
index a94a6b9dbee25bd4c4c64e8d59128795c4c123eb..498ea622380ad52b36a67fb829e1f5553b2174c8 100644 (file)
--- a/ssl/quic/quic_tserver.c
+++ b/ssl/quic/quic_tserver.c
@@ -47,7 +47,7 @@ static int alpn_select_cb(SSL *ssl, const unsigned char **out,
                           unsigned char *outlen, const unsigned char *in,
                           unsigned int inlen, void *arg)
 {
-    unsigned char alpn[] = { 8, 'o', 's', 's', 'l', 't', 'e', 's', 't' };
+    static const unsigned char alpn[] = { 8, 'o', 's', 's', 'l', 't', 'e', 's', 't' };
 
     if (SSL_select_next_proto((unsigned char **)out, outlen, alpn, sizeof(alpn),
                               in, inlen) != OPENSSL_NPN_NEGOTIATED)