From 880334cba0369d148dfefa6d3ab115379062498d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Bence=20Sz=C3=A9pk=C3=BAti?= <bence.szepkuti@arm.com>
Date: Mon, 14 Dec 2020 14:42:13 +0100
Subject: [PATCH 1/2] Fix use-after-scope error in programs/ssl
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

mbedtls_ssl_conf_dtls_srtp_protection_profiles stores the pointer to the
profiles in the configuration.

Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
---
 programs/ssl/ssl_client2.c | 4 ++--
 programs/ssl/ssl_server2.c | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c
index fc6906117..1ddfb804c 100644
--- a/programs/ssl/ssl_client2.c
+++ b/programs/ssl/ssl_client2.c
@@ -2339,12 +2339,12 @@ int main( int argc, char *argv[] )
 #endif
 
 #if defined(MBEDTLS_SSL_DTLS_SRTP)
+    const mbedtls_ssl_srtp_profile forced_profile[] =
+                                { opt.force_srtp_profile, MBEDTLS_TLS_SRTP_UNSET };
     if( opt.use_srtp == 1 )
     {
         if( opt.force_srtp_profile != 0 )
         {
-            const mbedtls_ssl_srtp_profile forced_profile[] =
-                                        { opt.force_srtp_profile, MBEDTLS_TLS_SRTP_UNSET };
             ret = mbedtls_ssl_conf_dtls_srtp_protection_profiles ( &conf, forced_profile );
         }
         else
diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c
index ceeb2245e..4e11cb3a0 100644
--- a/programs/ssl/ssl_server2.c
+++ b/programs/ssl/ssl_server2.c
@@ -3151,11 +3151,11 @@ int main( int argc, char *argv[] )
 #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
 
 #if defined(MBEDTLS_SSL_DTLS_SRTP)
+    const mbedtls_ssl_srtp_profile forced_profile[] = { opt.force_srtp_profile, MBEDTLS_TLS_SRTP_UNSET };
     if( opt.use_srtp == 1 )
     {
         if( opt.force_srtp_profile != 0 )
         {
-            const mbedtls_ssl_srtp_profile forced_profile[] = { opt.force_srtp_profile, MBEDTLS_TLS_SRTP_UNSET };
             ret = mbedtls_ssl_conf_dtls_srtp_protection_profiles( &conf, forced_profile );
         }
         else

From 0bd9d226bc377f4909daba1dffa27953d988dcb3 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Bence=20Sz=C3=A9pk=C3=BAti?= <bence.szepkuti@arm.com>
Date: Wed, 16 Dec 2020 15:02:50 +0100
Subject: [PATCH 2/2] Add Changelog entry
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
---
 ChangeLog.d/programs-ssl-use-after-scope.txt | 2 ++
 1 file changed, 2 insertions(+)
 create mode 100644 ChangeLog.d/programs-ssl-use-after-scope.txt

diff --git a/ChangeLog.d/programs-ssl-use-after-scope.txt b/ChangeLog.d/programs-ssl-use-after-scope.txt
new file mode 100644
index 000000000..64bea61a4
--- /dev/null
+++ b/ChangeLog.d/programs-ssl-use-after-scope.txt
@@ -0,0 +1,2 @@
+Bugfix
+   * Fix use-after-scope error in programs/ssl/ssl_client2.c and ssl_server2.c