Fix potential integer overflow parsing DER CRT This patch prevents a potential signed integer overflow during the certificate version verification checks.

commit: 47f3059780d1436a3708703b1ba2c6ec394631ba [log] [tgz]
author: Andres AG <andres.amayagarcia@arm.com> Thu Mar 09 16:46:14 2017 +0000
committer: Simon Butcher <simon.butcher@arm.com> Thu Jul 27 11:50:04 2017 +0100
tree: 502e7239b9c0fde7f450592a7da51b420db6b332
parent: 26124be17aedbb6984d824d932dea0d1f7b2b33d [diff] [blame]
diff --git a/ChangeLog b/ChangeLog
index e50604d..e847b65 100644
--- a/ChangeLog
+++ b/ChangeLog

@@ -17,6 +17,9 @@
      encoded X509 CRLs. The overflow would enable maliciously constructed CRLs
      to bypass the version verification check. Found by Peng Li/Yueh-Hsun Lin,
      KNOX Security, Samsung Research America
+   * Fix a potential integer overflow in the version verification for DER
+     encoded X509 certificates. The overflow would enable maliciously
+     constructed certificates to bypass the certificate verification check.
 
 = mbed TLS 1.3.20 branch released 2017-06-21
commit	47f3059780d1436a3708703b1ba2c6ec394631ba	[log] [tgz]
author	Andres AG <andres.amayagarcia@arm.com>	Thu Mar 09 16:46:14 2017 +0000
committer	Simon Butcher <simon.butcher@arm.com>	Thu Jul 27 11:50:04 2017 +0100
tree	502e7239b9c0fde7f450592a7da51b420db6b332
parent	26124be17aedbb6984d824d932dea0d1f7b2b33d [diff] [blame]