Fix heap-buffer overread in ALPN ext parsing

commit: 239987fd31255e2f8dc0fb03541d311deae6ee51 [log] [tgz]
author: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com> Tue Jan 09 10:43:43 2018 +0100
committer: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com> Tue Jan 09 13:48:38 2018 +0100
tree: ee6a5653f3e8b63bff04bf24f80360916a8ede5d
parent: 3366d373f887e0995478109bf9212b620105b6e6 [diff] [blame]
diff --git a/ChangeLog b/ChangeLog
index 3f5e56f..ef5abb8 100644
--- a/ChangeLog
+++ b/ChangeLog

@@ -38,6 +38,9 @@
      corrupt 6 bytes on the peer's heap, potentially leading to crash or
      remote code execution. This can be triggered remotely from either
      side in both TLS and DTLS.
+   * Fix a potential heap buffer overread in ALPN extension parsing
+     (server-side). Could result in application crash, but only if an ALPN
+     name larger than 16 bytes had been configured on the server.
 
 Features
    * Allow comments in test data files.
commit	239987fd31255e2f8dc0fb03541d311deae6ee51	[log] [tgz]
author	Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	Tue Jan 09 10:43:43 2018 +0100
committer	Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	Tue Jan 09 13:48:38 2018 +0100
tree	ee6a5653f3e8b63bff04bf24f80360916a8ede5d
parent	3366d373f887e0995478109bf9212b620105b6e6 [diff] [blame]