Fix CRL parsing to avoid infinite loop This patch modifies the function mbedtls_x509_crl_parse() to ensure that a CRL in PEM format with trailing characters after the footer does not result in the execution of an infinite loop.

commit: 939954c0b0bece68b3e0664fbbc305237e78d6b4 [log] [tgz]
author: Andres AG <andres.amayagarcia@arm.com> Thu Dec 08 17:08:44 2016 +0000
committer: Andres AG <andres.amayagarcia@arm.com> Thu Jan 19 16:43:48 2017 +0000
tree: 24b5dd4dab501d0b1debb1f3668b1f09329b4983
parent: cb587009d679812dc27979c867cdc0e056a132e6 [diff]
diff --git a/ChangeLog b/ChangeLog
index 0a857ba..1d13064 100644
--- a/ChangeLog
+++ b/ChangeLog

@@ -1,5 +1,14 @@
 mbed TLS ChangeLog (Sorted per branch, date)
 
+= mbed TLS x.x.x branch released xxxx-xx-xx
+
+Security
+   * Fixed potential livelock during the parsing of a CRL in PEM format in
+     mbedtls_x509_crl_parse(). A string containing a CRL followed by trailing
+     characters after the footer could result in the execution of an infinite
+     loop. The issue can be triggered remotely. Found by Greg Zaverucha,
+     Microsoft.
+
 = mbed TLS 2.4.1 branch released 2016-12-13
 
 Changes

diff --git a/library/x509_crl.c b/library/x509_crl.c
index 7b2b473..5b0adef 100644
--- a/library/x509_crl.c
+++ b/library/x509_crl.c

@@ -530,7 +530,7 @@
 
             mbedtls_pem_free( &pem );
         }
-        else if( ret != MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT )
+        else if( is_pem )
         {
             mbedtls_pem_free( &pem );
             return( ret );
commit	939954c0b0bece68b3e0664fbbc305237e78d6b4	[log] [tgz]
author	Andres AG <andres.amayagarcia@arm.com>	Thu Dec 08 17:08:44 2016 +0000
committer	Andres AG <andres.amayagarcia@arm.com>	Thu Jan 19 16:43:48 2017 +0000
tree	24b5dd4dab501d0b1debb1f3668b1f09329b4983
parent	cb587009d679812dc27979c867cdc0e056a132e6 [diff]