Fix CRL parsing to avoid infinite loop This patch modifies the function mbedtls_x509_crl_parse() to ensure that a CRL in PEM format with trailing characters after the footer does not result in the execution of an infinite loop.

commit: 939954c0b0bece68b3e0664fbbc305237e78d6b4 [log] [tgz]
author: Andres AG <andres.amayagarcia@arm.com> Thu Dec 08 17:08:44 2016 +0000
committer: Andres AG <andres.amayagarcia@arm.com> Thu Jan 19 16:43:48 2017 +0000
tree: 24b5dd4dab501d0b1debb1f3668b1f09329b4983
parent: cb587009d679812dc27979c867cdc0e056a132e6 [diff] [blame]
diff --git a/ChangeLog b/ChangeLog
index 0a857ba..1d13064 100644
--- a/ChangeLog
+++ b/ChangeLog

@@ -1,5 +1,14 @@
 mbed TLS ChangeLog (Sorted per branch, date)
 
+= mbed TLS x.x.x branch released xxxx-xx-xx
+
+Security
+   * Fixed potential livelock during the parsing of a CRL in PEM format in
+     mbedtls_x509_crl_parse(). A string containing a CRL followed by trailing
+     characters after the footer could result in the execution of an infinite
+     loop. The issue can be triggered remotely. Found by Greg Zaverucha,
+     Microsoft.
+
 = mbed TLS 2.4.1 branch released 2016-12-13
 
 Changes
commit	939954c0b0bece68b3e0664fbbc305237e78d6b4	[log] [tgz]
author	Andres AG <andres.amayagarcia@arm.com>	Thu Dec 08 17:08:44 2016 +0000
committer	Andres AG <andres.amayagarcia@arm.com>	Thu Jan 19 16:43:48 2017 +0000
tree	24b5dd4dab501d0b1debb1f3668b1f09329b4983
parent	cb587009d679812dc27979c867cdc0e056a132e6 [diff] [blame]