Fix potential random malloc in pem_read()

commit: 9bf29bee22d85d370388683e708412bf0eecfc43 [log] [tgz]
author: Manuel Pégourié-Gonnard <mpg2@elzevir.fr> Mon Sep 28 18:27:15 2015 +0200
committer: Manuel Pégourié-Gonnard <mpg2@elzevir.fr> Wed Sep 30 17:01:35 2015 +0200
tree: d39e2c81534f342e84a2985eef72957333a696ce
parent: 59efb6a1b9019dde5076d318d1b5130d06b52bf2 [diff] [blame]
diff --git a/ChangeLog b/ChangeLog
index 329e563..89caddb 100644
--- a/ChangeLog
+++ b/ChangeLog

@@ -11,6 +11,10 @@
      but might be in other uses. On 32 bit machines, requires reading a string
      of close to or larger than 1GB to exploit; on 64 bit machines, would require
      reading a string of close to or larger than 2^62 bytes.
+   * Fix potential random memory allocation in mbedtls_pem_read_buffer()
+     on crafted PEM input data. Found an fix provided by Guid Vranken.
+     Not triggerable remotely in TLS. Triggerable remotely if you accept PEM
+     data from an untrusted source.
 
 = mbed TLS 1.3.13 reladsed 2015-09-17
commit	9bf29bee22d85d370388683e708412bf0eecfc43	[log] [tgz]
author	Manuel Pégourié-Gonnard <mpg2@elzevir.fr>	Mon Sep 28 18:27:15 2015 +0200
committer	Manuel Pégourié-Gonnard <mpg2@elzevir.fr>	Wed Sep 30 17:01:35 2015 +0200
tree	d39e2c81534f342e84a2985eef72957333a696ce
parent	59efb6a1b9019dde5076d318d1b5130d06b52bf2 [diff] [blame]