Fix potential random malloc in pem_read()

commit: b73ce45b3f87672f5dfcc4e136ae8e9771c5552d [log] [tgz]
author: Manuel Pégourié-Gonnard <mpg2@elzevir.fr> Mon Sep 28 18:27:15 2015 +0200
committer: Manuel Pégourié-Gonnard <mpg2@elzevir.fr> Thu Oct 01 17:00:22 2015 +0200
tree: 9727781ce362445bb25b5167f1a6f0a26cc5ef33
parent: 9b75305d6a77383ddcacea46106aac55513d4a9e [diff] [blame]
diff --git a/ChangeLog b/ChangeLog
index 0f8d4b8..d584090 100644
--- a/ChangeLog
+++ b/ChangeLog

@@ -11,6 +11,10 @@
      but might be in other uses. On 32 bit machines, requires reading a string
      of close to or larger than 1GB to exploit; on 64 bit machines, would require
      reading a string of close to or larger than 2^62 bytes.
+   * Fix potential random memory allocation in mbedtls_pem_read_buffer()
+     on crafted PEM input data. Found an fix provided by Guid Vranken.
+     Not triggerable remotely in TLS. Triggerable remotely if you accept PEM
+     data from an untrusted source.
 
 = Version 1.2.16 released 2015-09-17
commit	b73ce45b3f87672f5dfcc4e136ae8e9771c5552d	[log] [tgz]
author	Manuel Pégourié-Gonnard <mpg2@elzevir.fr>	Mon Sep 28 18:27:15 2015 +0200
committer	Manuel Pégourié-Gonnard <mpg2@elzevir.fr>	Thu Oct 01 17:00:22 2015 +0200
tree	9727781ce362445bb25b5167f1a6f0a26cc5ef33
parent	9b75305d6a77383ddcacea46106aac55513d4a9e [diff] [blame]