Fix CRL parsing to avoid infinite loop

This patch modifies the function mbedtls_x509_crl_parse() to ensure
that a CRL in PEM format with trailing characters after the footer does
not result in the execution of an infinite loop.

diff --git a/ChangeLog b/ChangeLog
index d4cf85b..2e12785 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,14 @@
mbed TLS ChangeLog (Sorted per branch, date)
+= mbed TLS x.x.x branch released xxxx-xx-xx
+
+Security
+ * Fixed potential livelock during the parsing of a CRL in PEM format in
+ mbedtls_x509_crl_parse(). A string containing a CRL followed by trailing
+ characters after the footer could result in the execution of an infinite
+ loop. The issue can be triggered remotely. Found by Greg Zaverucha,
+ Microsoft.
+
= mbed TLS 1.3.18 branch 2016-10-17
Security
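Review bot: the new Security entry says the loop "can be triggered remotely" but does not say what the caller now gets back for a PEM CRL with trailing characters after the footer (an error return, or success with the trailing bytes ignored). Please state the post-fix behaviour in the entry, since applications that load CRLs from files with trailing whitespace or comments will want to know whether parsing now fails. The "x.x.x branch released xxxx-xx-xx" header is still a placeholder and needs to be filled in before release.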
diff --git a/library/x509_crl.c b/library/x509_crl.c
index de2079f..0d92bb1 100644
--- a/library/x509_crl.c
+++ b/library/x509_crl.c
@@ -525,7 +525,7 @@
pem_free( &pem );
}
- else if( ret != POLARSSL_ERR_PEM_NO_HEADER_FOOTER_PRESENT )
+ else if( is_pem )
{
pem_free( &pem );
return( ret );
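Review bot: the new condition `else if( is_pem )` depends on a flag whose declaration, initial value and assignment are not visible in this hunk, so the fix cannot be confirmed from these lines alone. Please check that `is_pem` starts at 0 and is set only after a PEM block has been read successfully, so that pure DER input still reaches the DER path, and that the loop condition also uses it to terminate. Note that this branch now does `return( ret )` for every PEM read failure once `is_pem` is set, including POLARSSL_ERR_PEM_NO_HEADER_FOOTER_PRESENT, so a valid CRL followed by trailing characters would return an error rather than success; if that is intended, a short comment above the branch would help. The patch as shown touches only ChangeLog and library/x509_crl.c, so a regression test feeding a PEM CRL with trailing bytes after the footer should be added to pin down the behaviour.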