| Manuel Pégourié-Gonnard | 5f6310b | 2025-05-26 12:38:52 +0200 | [diff] [blame^] | 1 | Security |
| 2 | * Fix a bug in mbedtls_asn1_store_named_data() where it would sometimes leave |
| 3 | an item in the output list in an inconsistent state with val.p == NULL but |
| 4 | val.len > 0. This impacts applications that call this function directly, |
| 5 | or indirectly via mbedtls_x509_string_to_names() or one of the |
| 6 | mbedtls_x509write_{crt,csr}_set_{subject,issuer}_name() functions. The |
| 7 | inconsistent state of the output could then cause a NULL dereference either |
| 8 | inside the same call to mbedtls_x509_string_to_names(), or in subsequent |
| 9 | users of the output structure, such as mbedtls_x509_write_names(). This |
| 10 | only affects applications that create (as opposed to consume) X.509 |
| 11 | certificates, CSRs or CRLS, or that call mbedtls_asn1_store_named_data() |
| 12 | directly. Found by Linh Le and Ngan Nguyen from Calif. |