Fix possible client crash on API misuse

commit: 7f2f062a5d9edb60bf6d5c80b537cabb57324e54 [log] [tgz]
author: Manuel Pégourié-Gonnard <mpg2@elzevir.fr> Thu Sep 03 10:44:32 2015 +0200
committer: Manuel Pégourié-Gonnard <mpg2@elzevir.fr> Mon Sep 07 12:27:24 2015 +0200
tree: d3f7f4ad81fe97ea453852166f33fa5f9f07f95f
parent: 14d800507a8fda5e321fa7e007d2e17100d4ae7c [diff] [blame]
diff --git a/ChangeLog b/ChangeLog
index d3636f0..fdab585 100644
--- a/ChangeLog
+++ b/ChangeLog

@@ -6,6 +6,11 @@
    * Added support for yotta as a build system.
    * Primary open source license changed to Apache 2.0 license.
 
+Security
+   * Fix possible client-side NULL pointer dereference (read) when the client
+     tries to continue the handshake after it failed (a misuse of the API).
+     (Found by GDS Labs using afl-fuzz, patch provided by GDS Labs.)
+
 Bugfix
    * Fix segfault in the benchmark program when benchmarking DHM.
    * Fix build error with CMake and pre-4.5 versions of GCC (found by Hugo
commit	7f2f062a5d9edb60bf6d5c80b537cabb57324e54	[log] [tgz]
author	Manuel Pégourié-Gonnard <mpg2@elzevir.fr>	Thu Sep 03 10:44:32 2015 +0200
committer	Manuel Pégourié-Gonnard <mpg2@elzevir.fr>	Mon Sep 07 12:27:24 2015 +0200
tree	d3f7f4ad81fe97ea453852166f33fa5f9f07f95f
parent	14d800507a8fda5e321fa7e007d2e17100d4ae7c [diff] [blame]