Merge fix for IOTSSL-474 PKCS12 Overflow Fix stack buffer overflow in PKCS12

commit: d5ba4672b2e2c43228474548ada4c635de8320a2 [log] [tgz]
author: Simon Butcher <simon.butcher@arm.com> Sun Oct 04 22:47:59 2015 +0100
committer: Simon Butcher <simon.butcher@arm.com> Sun Oct 04 22:47:59 2015 +0100
tree: f834a572c55b29e99494a92cdc0d16bf22b3fa03
parent: 5b8d1d65f746f1eae34225dfa6241d0401fbe746 [diff] [blame]
parent: d02a1daca792e293c28760e3e3ab9897cee20bf9 [diff] [blame]
diff --git a/ChangeLog b/ChangeLog
index e024af8..f60dcb3 100644
--- a/ChangeLog
+++ b/ChangeLog

@@ -4,10 +4,13 @@
 
 Security
    * Added fix for CVE-2015-xxxxx to prevent heap corruption due to buffer
-     overflow of the hostname or session ticket. (Found by Guido Vranken).
+     overflow of the hostname or session ticket. Found by Guido Vranken.
    * Fix potential double-free if mbedtls_ssl_set_hs_psk() is called more than
      once in the same handhake and mbedtls_ssl_conf_psk() was used.
      Found and patch provided by Guido Vranken. Cannot be forced remotely.
+   * Fix stack buffer overflow in pkcs12 decryption (used by
+     mbedtls_pk_parse_key(file)() when the password is > 129 bytes.
+     Found by Guido Vranken. Not triggerable remotely.
 
 Changes
    * Added checking of hostname length in mbedtls_ssl_set_hostname() to ensure
commit	d5ba4672b2e2c43228474548ada4c635de8320a2	[log] [tgz]
author	Simon Butcher <simon.butcher@arm.com>	Sun Oct 04 22:47:59 2015 +0100
committer	Simon Butcher <simon.butcher@arm.com>	Sun Oct 04 22:47:59 2015 +0100
tree	f834a572c55b29e99494a92cdc0d16bf22b3fa03
parent	5b8d1d65f746f1eae34225dfa6241d0401fbe746 [diff] [blame]
parent	d02a1daca792e293c28760e3e3ab9897cee20bf9 [diff] [blame]