Fix possible client crash on API misuse

commit: fa566e354549ab76bc3bd9bea0c06b259668ef59 [log] [tgz]
author: Manuel Pégourié-Gonnard <mpg2@elzevir.fr> Thu Sep 03 10:44:32 2015 +0200
committer: Manuel Pégourié-Gonnard <mpg2@elzevir.fr> Thu Sep 03 11:01:37 2015 +0200
tree: 3735561a80dcc2e3297048e394cd81a0da890a76
parent: aa4e55bd230e0db31756c1260f090ecfdc89e14c [diff] [blame]
diff --git a/ChangeLog b/ChangeLog
index f4d3fdb..2bdaba0 100644
--- a/ChangeLog
+++ b/ChangeLog

@@ -2,6 +2,11 @@
 
 = Version 1.2.16 released 2015-??-??
 
+Security
+   * Fix possible client-side NULL pointer dereference (read) when the client
+     tries to continue the handshake after it failed (a misuse of the API).
+     (Found by GDS Labs using afl-fuzz.)
+
 Bugfix
    * Fix unused function warning when using MBEDTLS_MDx_ALT or
      MBEDTLS_SHAxxx_ALT (found by Henrik) (#239)
commit	fa566e354549ab76bc3bd9bea0c06b259668ef59	[log] [tgz]
author	Manuel Pégourié-Gonnard <mpg2@elzevir.fr>	Thu Sep 03 10:44:32 2015 +0200
committer	Manuel Pégourié-Gonnard <mpg2@elzevir.fr>	Thu Sep 03 11:01:37 2015 +0200
tree	3735561a80dcc2e3297048e394cd81a0da890a76
parent	aa4e55bd230e0db31756c1260f090ecfdc89e14c [diff] [blame]