yuzu-emu/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-emu/mbedtls.git synced 2024-12-02 00:34:22 +01:00
Code Issues Packages Projects Releases Wiki Activity

Changed attribution for Guido Vranken

Browse Source
This commit is contained in:
Simon Butcher 2015-10-05 17:26:53 +01:00
parent c047c74b95
commit ac4461f783
1 changed files with 14 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
ChangeLog
View File

@ -5,26 +5,26 @@ PolarSSL ChangeLog
Security Security
* Fix possible heap buffer overflow in SSL if a very long hostname is used. * Fix possible heap buffer overflow in SSL if a very long hostname is used.
Can be trigerred remotely if you accept hostnames from untrusted parties. Can be trigerred remotely if you accept hostnames from untrusted parties.
Found by Guido Vranken. Found by Guido Vranken, Intelworks.
* Fix stack buffer overflow in pkcs12 decryption (used by * Fix stack buffer overflow in pkcs12 decryption (used by
mbedtls_pk_parse_key(file)() when the password is > 129 bytes. mbedtls_pk_parse_key(file)() when the password is > 129 bytes. Found by
Found by Guido Vranken. Not triggerable remotely. Guido Vranken, Intelworks. Not triggerable remotely.
* Fix potential buffer overflow in mbedtls_mpi_read_string(). * Fix potential buffer overflow in mbedtls_mpi_read_string().
Found by Guido Vranken. Not exploitable remotely in the context of TLS, Found by Guido Vranken, Intelworks. Not exploitable remotely in the context
but might be in other uses. On 32 bit machines, requires reading a string of TLS, but might be in other uses. On 32 bit machines, requires reading a
of close to or larger than 1GB to exploit; on 64 bit machines, would require string of close to or larger than 1GB to exploit; on 64 bit machines, would
reading a string of close to or larger than 2^62 bytes. require reading a string of close to or larger than 2^62 bytes.
* Fix potential random memory allocation in mbedtls_pem_read_buffer() * Fix potential random memory allocation in mbedtls_pem_read_buffer()
on crafted PEM input data. Found and fix provided by Guido Vranken. on crafted PEM input data. Found and fix provided by Guido Vranken,
Not triggerable remotely in TLS. Triggerable remotely if you accept PEM Intelworks. Not triggerable remotely in TLS. Triggerable remotely if you
data from an untrusted source. accept PEM data from an untrusted source.
* Fix possible heap buffer overflow in base64_encode() when the input * Fix possible heap buffer overflow in base64_encode() when the input
buffer is 512MB or larger on 32-bit platforms. buffer is 512MB or larger on 32-bit platforms. Found by Guido Vranken,
Found by Guido Vranken. Not trigerrable remotely in TLS. Intelworks. Not trigerrable remotely in TLS.
* Fix potential heap buffer overflow in servers that perform client * Fix potential heap buffer overflow in servers that perform client
authentication against a crafted CA cert. Cannot be triggered remotely authentication against a crafted CA cert. Cannot be triggered remotely
unless you allow third parties to pick trust CAs for client auth. unless you allow third parties to pick trust CAs for client auth. Found by
Found by Guido Vranken. Guido Vranken, Intelworks.
Changes Changes
* ssl_set_hostname() now rejects host names longer that 255 bytes (maximum * ssl_set_hostname() now rejects host names longer that 255 bytes (maximum