Fix potential integer overflow parsing DER CRT This patch prevents a potential signed integer overflow during the certificate version verification checks.

commit: 80164741e181a87ae18fa91a07f7201931b4d097 [log] [tgz]
author: Andres AG <andres.amayagarcia@arm.com> Thu Mar 09 16:16:11 2017 +0000
committer: Simon Butcher <simon.butcher@arm.com> Thu Jul 27 21:44:34 2017 +0100
tree: 4f327f23598154cfa9bca51f3aa620db0c6c6db0
parent: 7d6ec7bacc9f03d671af9155f484296f675470f8 [diff] [blame]
diff --git a/ChangeLog b/ChangeLog
index 58ee285..567e988 100644
--- a/ChangeLog
+++ b/ChangeLog

@@ -228,6 +228,9 @@
      digits. Found and fixed by Guido Vranken.
    * Fix unlisted DES configuration dependency in some pkparse test cases. Found
      by inestlerode. #555
+   * Fix a potential integer overflow in the version verification for DER
+     encoded X509 certificates. The overflow would enable maliciously
+     constructed certificates to bypass the certificate verification check.
 
 = mbed TLS 2.4.1 branch released 2016-12-13
commit	80164741e181a87ae18fa91a07f7201931b4d097	[log] [tgz]
author	Andres AG <andres.amayagarcia@arm.com>	Thu Mar 09 16:16:11 2017 +0000
committer	Simon Butcher <simon.butcher@arm.com>	Thu Jul 27 21:44:34 2017 +0100
tree	4f327f23598154cfa9bca51f3aa620db0c6c6db0
parent	7d6ec7bacc9f03d671af9155f484296f675470f8 [diff] [blame]