Fix potential integer overflow parsing DER CRL This patch prevents a potential signed integer overflow during the CRL version verification checks.

commit: ce49a250333ff25ca896108bc3f953cbb21f9638 [log] [tgz]
author: Andres AG <andres.amayagarcia@arm.com> Fri Feb 10 14:39:58 2017 +0000
committer: Simon Butcher <simon.butcher@arm.com> Fri Jul 28 22:28:04 2017 +0100
tree: ea7c6c9f7d6b2da2c0e50103210346268ff99074
parent: 2dfb02151d0e5de147beeccd0bc88492409171dd [diff] [blame]
diff --git a/ChangeLog b/ChangeLog
index 8db6551..59a1c0d 100644
--- a/ChangeLog
+++ b/ChangeLog

@@ -13,6 +13,10 @@
      Found by redplait #590
    * Add MBEDTLS_MPI_CHK to check for error value of mbedtls_mpi_fill_random.
      Reported and fix suggested by guidovranken in #740
+   * Fix a potential integer overflow in the version verification for DER
+     encoded X509 CRLs. The overflow would enable maliciously constructed CRLs
+     to bypass the version verification check. Found by Peng Li/Yueh-Hsun Lin,
+     KNOX Security, Samsung Research America
 
 Security
    * Fix authentication bypass in SSL/TLS: when auth_mode is set to optional,
commit	ce49a250333ff25ca896108bc3f953cbb21f9638	[log] [tgz]
author	Andres AG <andres.amayagarcia@arm.com>	Fri Feb 10 14:39:58 2017 +0000
committer	Simon Butcher <simon.butcher@arm.com>	Fri Jul 28 22:28:04 2017 +0100
tree	ea7c6c9f7d6b2da2c0e50103210346268ff99074
parent	2dfb02151d0e5de147beeccd0bc88492409171dd [diff] [blame]