Add missing bounds check in X509 DER write funcs This patch adds checks in both mbedtls_x509write_crt_der and mbedtls_x509write_csr_der before the signature is written to buf using memcpy().

commit: 0c12bd69f5f70f089216f7a9d58bcf5933b8c173 [log] [tgz]
author: Andres AG <andres.amayagarcia@arm.com> Fri Sep 02 15:23:48 2016 +0100
committer: Simon Butcher <simon.butcher@arm.com> Thu Oct 13 14:20:14 2016 +0100
tree: 172ae11afb4047d188ae486a50677e8c2ae525a7
parent: 441d6f98336940a6eb2f6db4720bc265a36eca2f [diff] [blame]
diff --git a/ChangeLog b/ChangeLog
index 4ab77fa..771f7c5 100644
--- a/ChangeLog
+++ b/ChangeLog

@@ -11,6 +11,10 @@
      mbedtls_x509write_csr_der() when the signature is copied to the buffer
      without checking whether there is enough space in the destination. The
      issue cannot be triggered remotely. (found by Jethro Beekman)
+   * Fix potential stack corruption in mbedtls_x509write_crt_der() and
+     mbedtls_x509write_csr_der() when the signature is copied to the buffer
+     without checking whether there is enough space in the destination. It is
+     not triggerable remotely in SSL/TLS.
 
 Bugfix
    * Fix an issue that caused valid certificates being rejected whenever an
commit	0c12bd69f5f70f089216f7a9d58bcf5933b8c173	[log] [tgz]
author	Andres AG <andres.amayagarcia@arm.com>	Fri Sep 02 15:23:48 2016 +0100
committer	Simon Butcher <simon.butcher@arm.com>	Thu Oct 13 14:20:14 2016 +0100
tree	172ae11afb4047d188ae486a50677e8c2ae525a7
parent	441d6f98336940a6eb2f6db4720bc265a36eca2f [diff] [blame]