Fix potential integer overflow parsing DER CRT This patch prevents a potential signed integer overflow during the certificate version verification checks.

commit: 1f06d9bac7c4f89323cb8b67c0e97fef625aafac [log] [tgz]
author: Andres AG <andres.amayagarcia@arm.com> Thu Mar 09 16:16:11 2017 +0000
committer: Simon Butcher <simon.butcher@arm.com> Wed Jul 26 17:57:43 2017 +0100
tree: 9c325405b834062a72eab566d7df1257950674e2
parent: 0ff660e0a6d680c7941e34a45de77b3a4c44098b [diff] [blame]
diff --git a/ChangeLog b/ChangeLog
index 2149ff2..62ef470 100644
--- a/ChangeLog
+++ b/ChangeLog

@@ -131,6 +131,9 @@
      digits. Found and fixed by Guido Vranken.
    * Fix unlisted DES configuration dependency in some pkparse test cases. Found
      by inestlerode. #555
+   * Fix a potential integer overflow in the version verification for DER
+     encoded X509 certificates. The overflow would enable maliciously
+     constructed certificates to bypass the certificate verification check.
 
 = mbed TLS 2.1.6 branch released 2016-10-17
commit	1f06d9bac7c4f89323cb8b67c0e97fef625aafac	[log] [tgz]
author	Andres AG <andres.amayagarcia@arm.com>	Thu Mar 09 16:16:11 2017 +0000
committer	Simon Butcher <simon.butcher@arm.com>	Wed Jul 26 17:57:43 2017 +0100
tree	9c325405b834062a72eab566d7df1257950674e2
parent	0ff660e0a6d680c7941e34a45de77b3a4c44098b [diff] [blame]