Clear existing extension state.

When parsing ClientHello clear any existing extension state from
SRP login and SRTP profile.

Thanks to Karthikeyan Bhargavan for reporting this issue.
Reviewed-by: Matt Caswell <matt@openssl.org>

diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index fec7ace0a14eccf556729cfe411955888e2b2cfd..2180c54254d5c0a791e5561005713c0ab1279d64 100644 (file)
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -1996,6 +1996,16 @@ static int ssl_scan_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char
        s->s3->flags &= ~TLS1_FLAGS_ENCRYPT_THEN_MAC;
 #endif
 
+#ifndef OPENSSL_NO_SRP
+       if (s->srp_ctx.login != NULL)
+               {
+               OPENSSL_free(s->srp_ctx.login);
+               s->srp_ctx.login = NULL;
+               }
+#endif
+
+       s->srtp_profile = NULL;
+
        if (data >= (d+n-2))
                goto ri_check;
        n2s(data,len);