Fix buffer overread in mbedtls_x509_get_time() A heap overread might happen when parsing malformed certificates. Reported by Peng Li and Yueh-Hsun Lin. Refactoring the parsing fixes the problem. This commit applies the relevant part of the OpenVPN contribution applied to mbed TLS 1.3 in commit 17da9dd82931abdf054a01c466bce45e7d12b742.

commit: 87c980749df93058a4a19119192bdd76132c93e9 [log] [tgz]
author: Janos Follath <janos.follath@arm.com> Fri Feb 03 12:36:59 2017 +0000
committer: Simon Butcher <simon.butcher@arm.com> Tue Feb 28 14:23:12 2017 +0000
tree: 79731907344ac5687d86522baacf35aa28b22015
parent: ea7054a00c9a84ef684fdf801dcf880f2d403869 [diff] [blame]
diff --git a/ChangeLog b/ChangeLog
index a299b80..1443bcb 100644
--- a/ChangeLog
+++ b/ChangeLog

@@ -40,6 +40,8 @@
      cause buffer bound checks to be bypassed. Found by Eyal Itkin.
    * Fixed potential arithmetic overflow in mbedtls_base64_decode() that could
      cause buffer bound checks to be bypassed. Found by Eyal Itkin.
+   * Fixed heap overreads in mbedtls_x509_get_time(). Found by Peng
+     Li/Yueh-Hsun Lin, KNOX Security, Samsung Research America.
 
 = mbed TLS 2.4.1 branch released 2016-12-13
commit	87c980749df93058a4a19119192bdd76132c93e9	[log] [tgz]
author	Janos Follath <janos.follath@arm.com>	Fri Feb 03 12:36:59 2017 +0000
committer	Simon Butcher <simon.butcher@arm.com>	Tue Feb 28 14:23:12 2017 +0000
tree	79731907344ac5687d86522baacf35aa28b22015
parent	ea7054a00c9a84ef684fdf801dcf880f2d403869 [diff] [blame]