Fix stack-use-after-scope
authorPeter Wu <peter@lekensteyn.nl>
Tue, 20 Mar 2018 22:47:06 +0000 (23:47 +0100)
committerMatt Caswell <matt@openssl.org>
Wed, 21 Mar 2018 09:38:07 +0000 (09:38 +0000)
Fixes regression from #5667.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5701)

ssl/statem/extensions_clnt.c

index bebf73a..5c36004 100644 (file)
@@ -744,6 +744,9 @@ EXT_RETURN tls_construct_ctos_early_data(SSL *s, WPACKET *pkt,
                                          unsigned int context, X509 *x,
                                          size_t chainidx)
 {
+#ifndef OPENSSL_NO_PSK
+    char identity[PSK_MAX_IDENTITY_LEN + 1];
+#endif  /* OPENSSL_NO_PSK */
     const unsigned char *id = NULL;
     size_t idlen = 0;
     SSL_SESSION *psksess = NULL;
@@ -765,7 +768,6 @@ EXT_RETURN tls_construct_ctos_early_data(SSL *s, WPACKET *pkt,
 
 #ifndef OPENSSL_NO_PSK
     if (psksess == NULL && s->psk_client_callback != NULL) {
-        char identity[PSK_MAX_IDENTITY_LEN + 1];
         unsigned char psk[PSK_MAX_PSK_LEN];
         size_t psklen = 0;