Reordered extension fields and added to ChangeLog
Reordered the transmission sequence of TLS extension fields in client hello
and added to ChangeLog.
diff --git a/ChangeLog b/ChangeLog
index 44f4408..ddba5c0 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,15 @@
mbed TLS ChangeLog (Sorted per branch, date)
+= mbed TLS 1.3.14 released 2015-10-xx
+
+Security
+ * Added fix for CVE-2015-xxxxx to prevent heap corruption due to buffer
+ overflow of the hostname or session ticket. (Found by Guido Vranken)
+
+Changes
+ * Added checking of hostname length in ssl_set_hostname() to ensure domain
+ names are compliant with RFC 1035.
+
= mbed TLS 1.3.13 reladsed 2015-09-17
Security
diff --git a/library/ssl_cli.c b/library/ssl_cli.c
index deeee33..ef86cd2 100644
--- a/library/ssl_cli.c
+++ b/library/ssl_cli.c
@@ -75,7 +75,7 @@
SSL_DEBUG_MSG( 3, ( "client hello, adding server name extension: %s",
ssl->hostname ) );
- if( (size_t)(end - p) < ssl->hostname_len + 9 )
+ if( end < p || (size_t)( end - p ) < ssl->hostname_len + 9 )
{
SSL_DEBUG_MSG( 1, ( "buffer too small" ) );
return;
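Review bot: The constant `9` in the new guard `(size_t)( end - p ) < ssl->hostname_len + 9` is unexplained, and the sum can only be trusted not to wrap if `hostname_len` is bounded before this point. The ChangeLog entry in this commit says ssl_set_hostname() now checks the length, but that code is not visible in this diff, so the dependency deserves a comment here. I would add `/* 9 = ext type (2) + ext len (2) + name list len (2) + name type (1) + name len (2); hostname_len is bounded by ssl_set_hostname() */` above the `if`. How `end` is derived is also outside the hunk, as are the start and end of the enclosing function, so the `end < p` half of the check cannot be verified from here.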
@@ -877,13 +877,13 @@
ext_len += olen;
#endif
-#if defined(POLARSSL_SSL_SESSION_TICKETS)
- ssl_write_session_ticket_ext( ssl, p + 2 + ext_len, &olen );
+#if defined(POLARSSL_SSL_ALPN)
+ ssl_write_alpn_ext( ssl, p + 2 + ext_len, &olen );
ext_len += olen;
#endif
-#if defined(POLARSSL_SSL_ALPN)
- ssl_write_alpn_ext( ssl, p + 2 + ext_len, &olen );
+#if defined(POLARSSL_SSL_SESSION_TICKETS)
+ ssl_write_session_ticket_ext( ssl, p + 2 + ext_len, &olen );
ext_len += olen;
#endif
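Review bot: Nothing at these call sites or in the commit message says why the session ticket extension must now follow ALPN, so a later cleanup could swap the two blocks back unnoticed. A one-line comment above the `POLARSSL_SSL_SESSION_TICKETS` block, for example `/* Keep the session ticket extension last: <reason> */`, would record the intent. Separately, both writers receive only `p + 2 + ext_len` and no explicit end pointer, so each has to derive its own bound. This diff shows the `end < p` guard only in the server name writer, while the ChangeLog names the session ticket as an overflow source too, so it is worth confirming that ssl_write_session_ticket_ext() and ssl_write_alpn_ext() carry an equivalent check. The enclosing function starts and ends outside the hunk.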