Fix buffer overread in mbedtls_x509_get_time()
A heap overread might happen when parsing malformed certificates.
Reported by Peng Li and Yueh-Hsun Lin.
Refactoring the parsing fixes the problem. This commit applies the
relevant part of the OpenVPN contribution applied to mbed TLS 1.3
in commit 17da9dd82931abdf054a01c466bce45e7d12b742.
diff --git a/ChangeLog b/ChangeLog
index a299b80..1443bcb 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -40,6 +40,8 @@
cause buffer bound checks to be bypassed. Found by Eyal Itkin.
* Fixed potential arithmetic overflow in mbedtls_base64_decode() that could
cause buffer bound checks to be bypassed. Found by Eyal Itkin.
+ * Fixed heap overreads in mbedtls_x509_get_time(). Found by Peng
+ Li/Yueh-Hsun Lin, KNOX Security, Samsung Research America.
= mbed TLS 2.4.1 branch released 2016-12-13
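Review bot: the added ChangeLog entry (the two `+` lines) names the function but not the trigger, and it says "heap overreads" where the commit message describes a single heap overread that happens when parsing malformed certificates. Consider wording it along the lines of "Fixed heap overread in mbedtls_x509_get_time() when parsing malformed certificates", so that someone triaging from the ChangeLog alone can tell the issue is reached through certificate parsing. The reporter credit is also written "Peng Li/Yueh-Hsun Lin" here but "Peng Li and Yueh-Hsun Lin" in the commit message; use one form in both places.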