Merge of IOTSSL-476 - Random malloc in pem_read()

Simon Butcher 2015-10-05 00:26:36 +01:00
parent e7f96f22ee
commit a45aa1399b
3 changed files with 10 additions and 0 deletions


@ -16,6 +16,10 @@ Security
but might be in other uses. On 32 bit machines, requires reading a string
of close to or larger than 1GB to exploit; on 64 bit machines, would require
reading a string of close to or larger than 2^62 bytes.
* Fix potential random memory allocation in mbedtls_pem_read_buffer()
on crafted PEM input data. Found an fix provided by Guid Vranken.
Not triggerable remotely in TLS. Triggerable remotely if you accept PEM
data from an untrusted source.
Changes
* Added checking of hostname length in mbedtls_ssl_set_hostname() to ensure
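Review bot: The second line of the new Security entry, "Found an fix provided by Guid Vranken", has a typo ("an" for "and"), and the spelling of the reporter's name should be confirmed before it ships in release notes. "Potential random memory allocation" is also too vague for a Security entry. Please say what about the allocation is uncontrolled in mbedtls_pem_read_buffer() and what the consequence is for a caller, so that users parsing PEM data from untrusted sources can judge their exposure. The last two sentences could be merged into one statement of the exposure condition, for example "Only triggerable if you accept PEM data from an untrusted source; not reachable through TLS."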