Fixed copy and paste error
Accidental additional assignment in ssl_write_alpn_ext()
diff --git a/ChangeLog b/ChangeLog
index c9e48e2..4eb8dd8 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,6 +1,16 @@
mbed TLS ChangeLog (Sorted per branch, date)
-= mbed TLS 2.1.1 released 2015-09-17
+= mbed TLS 2.1.2 released 2015-10-xx
+
+Security
+ * Added fix for CVE-2015-xxxxx to prevent heap corruption due to buffer
+ overflow of the hostname or session ticket.
+
+Changes
+ * Added checking of hostname length in mbedtls_ssl_set_hostname() to ensure
+ domain names are compliant with RFC 1035.
+
+= mbe TLS 2.1.1 released 2015-09-17
Security
* Add countermeasure against Lenstra's RSA-CRT attack for PKCS#1 v1.5
diff --git a/library/ssl_cli.c b/library/ssl_cli.c
index 825a74f..1ba8648 100644
--- a/library/ssl_cli.c
+++ b/library/ssl_cli.c
@@ -535,7 +535,7 @@
MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding alpn extension" ) );
for( cur = ssl->conf->alpn_list; *cur != NULL; cur++ )
- alpnlen += *p = (unsigned char)( strlen( *cur ) & 0xFF );
+ alpnlen += (unsigned char)( strlen( *cur ) & 0xFF ) + 1;
if( end < p || (size_t)( end - p ) < 6 + alpnlen )
{