Fix potential heap corruption on Windows If len is large enough, when cast to an int it will be negative and then the test if( len > MAX_PATH - 3 ) will not behave as expected.

commit: 261faed725e29bd34abbf1f95df5fab43791f40c [log] [tgz]
author: Manuel Pégourié-Gonnard <mpg@elzevir.fr> Wed Oct 21 10:16:29 2015 +0200
committer: Manuel Pégourié-Gonnard <mpg2@elzevir.fr> Wed Oct 21 10:25:22 2015 +0200
tree: fc98167aee0562da1896ad93022aefa43cc9a4a8
parent: cdea97c1c310e6adfbcf92e5feb90f2841efde78 [diff] [blame]
diff --git a/ChangeLog b/ChangeLog
index aa96b18..9204fd0 100644
--- a/ChangeLog
+++ b/ChangeLog

@@ -1,5 +1,12 @@
 mbed TLS ChangeLog (Sorted per branch, date)
 
+= mbed TLS 2.2.0 released 2015-10-xx
+
+Security
+   * Fix potential heap corruption on Windows when
+     mbedtls_x509_crt_parse_path() is passed a path longer than 2GB. Cannot be
+     triggered remotely. Found by Guido Vranken, Interlworks.
+
 = mbed TLS 2.1.2 released 2015-10-06
 
 Security
commit	261faed725e29bd34abbf1f95df5fab43791f40c	[log] [tgz]
author	Manuel Pégourié-Gonnard <mpg@elzevir.fr>	Wed Oct 21 10:16:29 2015 +0200
committer	Manuel Pégourié-Gonnard <mpg2@elzevir.fr>	Wed Oct 21 10:25:22 2015 +0200
tree	fc98167aee0562da1896ad93022aefa43cc9a4a8
parent	cdea97c1c310e6adfbcf92e5feb90f2841efde78 [diff] [blame]