yuzu-emu/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-emu/mbedtls.git synced 2024-11-23 04:45:49 +01:00
Code Issues Packages Projects Releases Wiki Activity

Parse HelloVerifyRequest buffer overread: add changelog entry

Browse Source
This commit is contained in:
Gilles Peskine 2019-09-27 14:07:00 +02:00
parent 2414ce1a5e
commit 99258ff315
1 changed files with 2 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
ChangeLog
View File

@ -7,6 +7,8 @@ Security
during certificate extensions parsing. In case of receiving malformed during certificate extensions parsing. In case of receiving malformed
input (extensions length field equal to 0), an illegal read of one byte input (extensions length field equal to 0), an illegal read of one byte
beyond the input buffer is made. Found and analyzed by Nathan Crandall. beyond the input buffer is made. Found and analyzed by Nathan Crandall.
* Fix a potentially remotely exploitable buffer overread in a
DTLS client when parsing the Hello Verify Request message.
Bugfix Bugfix
* Fix a potential memory leak in mbedtls_ssl_setup() function. An allocation * Fix a potential memory leak in mbedtls_ssl_setup() function. An allocation