Add missing bounds check in X509 DER write funcs This patch adds checks in both mbedtls_x509write_crt_der and mbedtls_x509write_csr_der before the signature is written to buf using memcpy().

commit: 372bf79d67ed21cb0eab5bc92e8806a0a9507a65 [log] [tgz]
author: Andres AG <andres.amayagarcia@arm.com> Fri Sep 02 15:23:48 2016 +0100
committer: Simon Butcher <simon.butcher@arm.com> Thu Oct 13 12:45:07 2016 +0100
tree: 77eb11ebbf6616837796dc025a0492a37d93c45b
parent: 80d191bbe98221e0c2ee19b8f77f454a52692c5a [diff] [blame]
diff --git a/ChangeLog b/ChangeLog
index e64b8c2..29d806a 100644
--- a/ChangeLog
+++ b/ChangeLog

@@ -1,6 +1,12 @@
 mbed TLS ChangeLog (Sorted per branch, date)
 
-= mbed TLS 1.3.x
+= mbed TLS 1.3.x branch 2016-xx-xx
+
+Security
+   * Fix potential stack corruption in mbedtls_x509write_crt_der() and
+     mbedtls_x509write_csr_der() when the signature is copied to the buffer
+     without checking whether there is enough space in the destination. It is
+     not triggerable remotely in SSL/TLS.
 
 Bugfix
    * Fix an issue that caused valid certificates being rejected whenever an
commit	372bf79d67ed21cb0eab5bc92e8806a0a9507a65	[log] [tgz]
author	Andres AG <andres.amayagarcia@arm.com>	Fri Sep 02 15:23:48 2016 +0100
committer	Simon Butcher <simon.butcher@arm.com>	Thu Oct 13 12:45:07 2016 +0100
tree	77eb11ebbf6616837796dc025a0492a37d93c45b
parent	80d191bbe98221e0c2ee19b8f77f454a52692c5a [diff] [blame]