From 9c9812a299246b95a9591b6b36d4d8a6dbfa7d65 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= <mpg@elzevir.fr>
Date: Fri, 23 Aug 2013 12:18:46 +0200
Subject: [PATCH] Fix bug introduced in dbf69cf

(Was writing outside array bounds.)
---
 library/ssl_cli.c | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/library/ssl_cli.c b/library/ssl_cli.c
index 1beefab338..38b402954d 100644
--- a/library/ssl_cli.c
+++ b/library/ssl_cli.c
@@ -134,7 +134,7 @@ static void ssl_write_signature_algorithms_ext( ssl_context *ssl,
                                                 size_t *olen )
 {
     unsigned char *p = buf;
-    unsigned char sig_alg_list[20];
+    unsigned char *sig_alg_list = buf + 6;
     size_t sig_alg_len = 0;
 
     *olen = 0;
@@ -218,8 +218,6 @@ static void ssl_write_signature_algorithms_ext( ssl_context *ssl,
     *p++ = (unsigned char)( ( sig_alg_len >> 8 ) & 0xFF );
     *p++ = (unsigned char)( ( sig_alg_len      ) & 0xFF );
 
-    memcpy( p, sig_alg_list, sig_alg_len );
-
     *olen = 6 + sig_alg_len;
 }