Fix memory leak while parsing some X.509 certs

commit: 5d8618539f8e186c1b2c1b5a548d6f85936fe41f [log] [tgz]
author: Manuel Pégourié-Gonnard <mpg@elzevir.fr> Fri Oct 17 12:41:41 2014 +0200
committer: Manuel Pégourié-Gonnard <mpg@elzevir.fr> Fri Oct 17 12:41:41 2014 +0200
tree: 560ea61637f2a9cb0dcb57b65dd32e5dc9b6b124
parent: 64938c63f0f15d530655311ac969b3d73de51c1f [diff] [blame]
diff --git a/ChangeLog b/ChangeLog
index 8e74c0b..84420b9 100644
--- a/ChangeLog
+++ b/ChangeLog

@@ -4,6 +4,9 @@
 Security
    * Lowest common hash was selected from signature_algorithms extension in
      TLS 1.2 (found by Darren Bane) (introduced in 1.3.8).
+   * Remotely-triggerable memory leak when parsing some X.509 certificates
+     (server is not affected if it doesn't ask for a client certificate).
+     (Found using Codenomicon Defensics.)
 
 Bugfix
    * Support escaping of commas in x509_string_to_names()
@@ -36,6 +39,8 @@
    * POLARSSL_MPI_MAX_SIZE now defaults to 1024 in order to allow 8192 bits
      RSA keys.
    * Accept spaces at end of line or end of buffer in base64_decode().
+   * X.509 certificates with more than one AttributeTypeAndValue per
+     RelativeDistinguishedName are not accepted any more.
 
 = PolarSSL 1.3.8 released 2014-07-11
 Security
commit	5d8618539f8e186c1b2c1b5a548d6f85936fe41f	[log] [tgz]
author	Manuel Pégourié-Gonnard <mpg@elzevir.fr>	Fri Oct 17 12:41:41 2014 +0200
committer	Manuel Pégourié-Gonnard <mpg@elzevir.fr>	Fri Oct 17 12:41:41 2014 +0200
tree	560ea61637f2a9cb0dcb57b65dd32e5dc9b6b124
parent	64938c63f0f15d530655311ac969b3d73de51c1f [diff] [blame]