Fix memory leak while parsing some X.509 certs
diff --git a/ChangeLog b/ChangeLog index 8e74c0b..84420b9 100644 --- a/ChangeLog +++ b/ChangeLog
@@ -4,6 +4,9 @@ Security * Lowest common hash was selected from signature_algorithms extension in TLS 1.2 (found by Darren Bane) (introduced in 1.3.8). + * Remotely-triggerable memory leak when parsing some X.509 certificates + (server is not affected if it doesn't ask for a client certificate). + (Found using Codenomicon Defensics.) Bugfix * Support escaping of commas in x509_string_to_names() @@ -36,6 +39,8 @@ * POLARSSL_MPI_MAX_SIZE now defaults to 1024 in order to allow 8192 bits RSA keys. * Accept spaces at end of line or end of buffer in base64_decode(). + * X.509 certificates with more than one AttributeTypeAndValue per + RelativeDistinguishedName are not accepted any more. = PolarSSL 1.3.8 released 2014-07-11 Security
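Review bot: In the first ChangeLog hunk, the new Security entry says only "some X.509 certificates" and gives no affected-version range, while the entry just above it carries "(introduced in 1.3.8)". Please state which certificates trigger the leak and since which release, so users can decide whether they need to upgrade. If the trigger is the multi-valued RelativeDistinguishedName case that the second entry of this patch stops accepting, say so here; as written, the two entries read as unrelated. The parenthetical about servers is also easy to misread: consider stating directly that clients, and servers that request a client certificate, are affected.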
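Review bot: In the second ChangeLog hunk, "are not accepted any more" records a compatibility break without telling users what they will observe. Please say what now happens when such a certificate is parsed (for example, which error the parser returns), so that a handshake or chain-verification failure after upgrading can be traced back to this entry. If this rejection is how the leak in the Security entry is fixed, note that here as well. Only the ChangeLog is visible in these lines; a regression test using a certificate with more than one AttributeTypeAndValue in a single RelativeDistinguishedName should accompany the change, if it is not already part of the commit.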