Fix potential integer overflow parsing DER CRL This patch prevents a potential signed integer overflow during the CRL version verification checks.

commit: 26124be17aedbb6984d824d932dea0d1f7b2b33d [log] [tgz]
author: Andres AG <andres.amayagarcia@arm.com> Wed Mar 01 15:14:30 2017 +0000
committer: Simon Butcher <simon.butcher@arm.com> Thu Jul 27 11:49:08 2017 +0100
tree: 9e1c74ba728afe56eb8b35014d05f084d95b7e5a
parent: 57501ef056585bd52988db296ceb17d09f6a4989 [diff] [blame]
diff --git a/ChangeLog b/ChangeLog
index 081bcf1..e50604d 100644
--- a/ChangeLog
+++ b/ChangeLog

@@ -13,6 +13,10 @@
      Found by redplait #590
    * Add MPI_CHK to check for error value of mpi_fill_random.
      Backported from a report and fix suggestion by guidovranken in #740
+   * Fix a potential integer overflow in the version verification for DER
+     encoded X509 CRLs. The overflow would enable maliciously constructed CRLs
+     to bypass the version verification check. Found by Peng Li/Yueh-Hsun Lin,
+     KNOX Security, Samsung Research America
 
 = mbed TLS 1.3.20 branch released 2017-06-21
commit	26124be17aedbb6984d824d932dea0d1f7b2b33d	[log] [tgz]
author	Andres AG <andres.amayagarcia@arm.com>	Wed Mar 01 15:14:30 2017 +0000
committer	Simon Butcher <simon.butcher@arm.com>	Thu Jul 27 11:49:08 2017 +0100
tree	9e1c74ba728afe56eb8b35014d05f084d95b7e5a
parent	57501ef056585bd52988db296ceb17d09f6a4989 [diff] [blame]