)]}'
{
  "commit": "0c161d1956d72eb89c8660965535baeb2ec87dd3",
  "tree": "547072fb16659ed43524d24b15a94fe4c0485c5c",
  "parents": [
    "0592ea772aee48ca1e6d9eb84eca8e143033d973"
  ],
  "author": {
    "name": "Hanno Becker",
    "email": "hanno.becker@arm.com",
    "time": "Mon Oct 08 13:40:50 2018 +0100"
  },
  "committer": {
    "name": "Hanno Becker",
    "email": "hanno.becker@arm.com",
    "time": "Mon Oct 08 13:40:50 2018 +0100"
  },
  "message": "Fix bounds check in ssl_parse_server_psk_hint()\n\nIn the previous bounds check `(*p) \u003e end - len`, the computation\nof `end - len` might underflow if `end` is within the first 64KB\nof the address space (note that the length `len` is controlled by\nthe peer). In this case, the bounds check will be bypassed, leading\nto `*p` exceed the message bounds by up to 64KB when leaving\n`ssl_parse_server_psk_hint()`. In a pure PSK-based handshake,\nthis doesn\u0027t seem to have any consequences, as `*p*` is not accessed\nafterwards. In a PSK-(EC)DHE handshake, however, `*p` is read from\nin `ssl_parse_server_ecdh_params()` and `ssl_parse_server_dh_params()`\nwhich might lead to an application crash of information leakage.\n",
  "tree_diff": [
    {
      "type": "modify",
      "old_id": "8385720115068616bf9bce34a0196e2d42a2c11a",
      "old_mode": 33188,
      "old_path": "library/ssl_cli.c",
      "new_id": "b15bc515e8f57d0d0f9f670303fd1a4fbb474642",
      "new_mode": 33188,
      "new_path": "library/ssl_cli.c"
    }
  ]
}