Fix len miscalculation in buffer-based allocator

commit: 5dd28ea432cb8e04a2918c256d4d53f2bd417d23 [log] [tgz]
author: Manuel Pégourié-Gonnard <mpg@elzevir.fr> Thu Nov 27 13:57:42 2014 +0100
committer: Paul Bakker <p.j.bakker@polarssl.org> Tue Jan 13 14:58:01 2015 +0100
tree: 4595283967690b2d3759d192bf4381d060638972
parent: 547ff6618fe75fb04cb5e3deb10163e50d63117c [diff] [blame]
diff --git a/ChangeLog b/ChangeLog
index a1e9837..85b5652 100644
--- a/ChangeLog
+++ b/ChangeLog

@@ -18,6 +18,9 @@
 Bugfix
    * Stack buffer overflow if ctr_drbg_update() is called with too large
      add_len (found by Jean-Philippe Aumasson) (not triggerable remotely).
+   * Possible buffer overflow of length at most POLARSSL_MEMORY_ALIGN_MULTIPLE
+     if memory_buffer_alloc_init() was called with buf not aligned and len not
+     a multiple of POLARSSL_MEMORY_ALIGN_MULTIPLE.
 
 = PolarSSL 1.3.9 released 2014-10-20
 Security
commit	5dd28ea432cb8e04a2918c256d4d53f2bd417d23	[log] [tgz]
author	Manuel Pégourié-Gonnard <mpg@elzevir.fr>	Thu Nov 27 13:57:42 2014 +0100
committer	Paul Bakker <p.j.bakker@polarssl.org>	Tue Jan 13 14:58:01 2015 +0100
tree	4595283967690b2d3759d192bf4381d060638972
parent	547ff6618fe75fb04cb5e3deb10163e50d63117c [diff] [blame]