Fix length checking for AEAD ciphersuites

commit: 0bcc4e1df78fff6d15c3ecb521e3bd0bbee86e1c [log] [tgz]
author: Manuel Pégourié-Gonnard <mpg@elzevir.fr> Tue Jun 17 10:54:17 2014 +0200
committer: Paul Bakker <p.j.bakker@polarssl.org> Wed Jun 25 11:26:10 2014 +0200
tree: 2ed444601e04fabc767571e63a9d4978384153bf
parent: 1c98ff96b526db4224b09db0db4a50a2296fdbd7 [diff] [blame]
diff --git a/ChangeLog b/ChangeLog
index c1df109..563aa54 100644
--- a/ChangeLog
+++ b/ChangeLog

@@ -5,6 +5,11 @@
 (and various x509 structures got a new member)
 
 = PolarSSL 1.3 branch
+Security
+   * Fix length checking for AEAD ciphersuites (found by Codenomicon).
+     It was possible to crash the server (and client) using crafted messages
+     when a GCM suite was chosen.
+
 Features
    * Add CCM module and cipher mode to Cipher Layer
    * Support for CCM and CCM_8 ciphersuites
commit	0bcc4e1df78fff6d15c3ecb521e3bd0bbee86e1c	[log] [tgz]
author	Manuel Pégourié-Gonnard <mpg@elzevir.fr>	Tue Jun 17 10:54:17 2014 +0200
committer	Paul Bakker <p.j.bakker@polarssl.org>	Wed Jun 25 11:26:10 2014 +0200
tree	2ed444601e04fabc767571e63a9d4978384153bf
parent	1c98ff96b526db4224b09db0db4a50a2296fdbd7 [diff] [blame]