Add missing bounds check in X509 DER write funcs
This patch adds checks in both mbedtls_x509write_crt_der and
mbedtls_x509write_csr_der before the signature is written to buf
using memcpy().
diff --git a/ChangeLog b/ChangeLog
index f8890dc..afef2dd 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -2,6 +2,12 @@
= mbed TLS 2.3.x branch released 2016-xx-xx
+Security
+ * Fix potential stack corruption in mbedtls_x509write_crt_der() and
+ mbedtls_x509write_csr_der() when the signature is copied to the buffer
+ without checking whether there is enough space in the destination. It is
+ not triggerable remotely in SSL/TLS.
+
Features
* Added support for CMAC for AES and 3DES and AES-CMAC-PRF-128, as defined by
NIST SP 800-38B, RFC-4493 and RFC-4615.
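Review bot: The new Security entry (from "Fix potential stack corruption" through "not triggerable remotely in SSL/TLS") does not say what the two functions now do when the destination is too small, so a caller reading the ChangeLog cannot tell whether to expect an error return or something else. Add a clause naming the new behaviour, and the error code if one is returned. "Stack corruption" is also narrower than the commit message, which describes a memcpy() of the signature into buf without a space check; if buf is not always on the stack, "buffer overflow" would describe the defect more accurately. Finally, the entry says where the issue cannot be triggered but not who is exposed; one sentence on which callers are affected (for example, applications that write a certificate or CSR into an undersized buffer) would help users judge whether they need the update.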