From aeda172afd37e6f7b2f285b5f18a5978415cbc9b Mon Sep 17 00:00:00 2001
From: Ben Laurie <ben@openssl.org>
Date: Wed, 6 Jun 2012 12:52:19 +0000
Subject: [PATCH] Parse authz correctly.

---
 ssl/s3_srvr.c | 4 ++++
 ssl/t1_lib.c  | 4 ++++
 2 files changed, 8 insertions(+)

diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c
index fdf8052aa1..b372a9a58c 100644
--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c
@@ -3676,6 +3676,8 @@ int tls1_send_server_supplemental_data(SSL *s)
 
 		type = *(authz++);
 		n2s(authz, len);
+		/* n2s increments authz by 2*/
+		i += 2;
 
 		if (memchr(s->s3->tlsext_authz_client_types,
 			   type,
@@ -3719,6 +3721,8 @@ int tls1_send_server_supplemental_data(SSL *s)
 
 		type = *(authz++);
 		n2s(authz, len);
+		/* n2s increments authz by 2 */
+		i += 2;
 
 		if (memchr(s->s3->tlsext_authz_client_types,
 			   type,
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index bb4fbe6587..85a5681f87 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -1234,6 +1234,8 @@ unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *p, unsigned cha
 				authz_count++;
 
 			n2s(authz, length);
+			/* n2s increments authz by 2 */
+			i += 2;
 			authz += length;
 			i += length;
 			}
@@ -1267,6 +1269,8 @@ unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *p, unsigned cha
 				   s->s3->tlsext_authz_client_types_len) != NULL)
 				*(ret++) = type;
 			n2s(authz, length);
+			/* n2s increments authz by 2 */
+			i += 2;
 			authz += length;
 			i += length;
 			}
-- 
2.25.1