Merge fix of IOTSSL-496 - Potential heap overflow
Fix for potential overflow in ssl_write_certificate_request()
diff --git a/ChangeLog b/ChangeLog
index 67da281..2e2e9f8 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -28,6 +28,10 @@
* Fix potential double-free if mbedtls_conf_psk() is called repeatedly on
the same mbedtls_ssl_config object and memory allocation fails. Found by
Guido Vranken, Intelworks. Cannot be forced remotely.
+ * Fix potential heap buffer overflow in servers that perform client
+ authentication against a crafted CA cert. Cannot be triggered remotely
+ unless you allow third parties to pick trust CAs for client auth.
+ Found by Guido Vranken, Intelworks.
Changes
* Added checking of hostname length in mbedtls_ssl_set_hostname() to ensure
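Review bot: The added ChangeLog entry does not name the affected function, although the commit message identifies ssl_write_certificate_request() and the entry just above it names mbedtls_conf_psk(). Adding the function name, for example "Fix potential heap buffer overflow in ssl_write_certificate_request() in servers that perform client authentication ...", would let users map the entry to the code and to IOTSSL-496. In the third added line, "pick trust CAs" would read more clearly as "pick trusted CAs". Only the ChangeLog hunk is visible here, so the entry's "Cannot be triggered remotely unless ..." condition cannot be checked against the code change itself.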