Fix possible client crash on API misuse

commit: bb564e0fb498c9c2feb5bdde0cd1d4d4ef65e72d [log] [tgz]
author: Manuel Pégourié-Gonnard <mpg2@elzevir.fr> Thu Sep 03 10:44:32 2015 +0200
committer: Manuel Pégourié-Gonnard <mpg2@elzevir.fr> Thu Sep 03 10:44:32 2015 +0200
tree: b7172185e6623d566dca27ec04cfba56d5680d35
parent: b0282eaf141ce1695f7c45a0193cb2d29dfa48d1 [diff] [blame]
diff --git a/ChangeLog b/ChangeLog
index 2030ceb..8c602fa 100644
--- a/ChangeLog
+++ b/ChangeLog

@@ -2,6 +2,11 @@
 
 = mbed TLS 1.3.13 reladsed 2015-??-??
 
+Security
+   * Fix possible client-side NULL pointer dereference (read) when the client
+     tries to continue the handshake after it failed (a misuse of the API).
+     (Found by GDS Labs using afl-fuzz, patch provided by GDS Labs.)
+
 Bugfix
    * Setting SSL_MIN_DHM_BYTES in config.h had no effect (overriden in ssl.h)
      (found by Fabio Solari) (#256)
commit	bb564e0fb498c9c2feb5bdde0cd1d4d4ef65e72d	[log] [tgz]
author	Manuel Pégourié-Gonnard <mpg2@elzevir.fr>	Thu Sep 03 10:44:32 2015 +0200
committer	Manuel Pégourié-Gonnard <mpg2@elzevir.fr>	Thu Sep 03 10:44:32 2015 +0200
tree	b7172185e6623d566dca27ec04cfba56d5680d35
parent	b0282eaf141ce1695f7c45a0193cb2d29dfa48d1 [diff] [blame]