diff --git a/ChangeLog b/ChangeLog index 62ef4702d..73da67a3b 100644 --- a/ChangeLog +++ b/ChangeLog @@ -17,6 +17,13 @@ Bugfix encoded X509 CRLs. The overflow would enable maliciously constructed CRLs to bypass the version verification check. Found by Peng Li/Yueh-Hsun Lin, KNOX Security, Samsung Research America + * Fix a potential integer overflow in the version verification for DER + encoded X509 certificates. The overflow would enable maliciously + constructed certificates to bypass the certificate verification check. + * Fix potential integer overflow in the version verification for DER + encoded X509 CSRs. The overflow would enable maliciously constructed CSRs + to bypass the version verification check. Found by Peng Li/Yueh-Hsun Lin, + KNOX Security, Samsung Research America = mbed TLS 2.1.8 branch released 2017-06-21 @@ -131,9 +138,6 @@ Bugfix digits. Found and fixed by Guido Vranken. * Fix unlisted DES configuration dependency in some pkparse test cases. Found by inestlerode. #555 - * Fix a potential integer overflow in the version verification for DER - encoded X509 certificates. The overflow would enable maliciously - constructed certificates to bypass the certificate verification check. = mbed TLS 2.1.6 branch released 2016-10-17 diff --git a/library/x509_csr.c b/library/x509_csr.c index 60f66b3f3..c706dbd74 100644 --- a/library/x509_csr.c +++ b/library/x509_csr.c @@ -168,14 +168,14 @@ int mbedtls_x509_csr_parse_der( mbedtls_x509_csr *csr, return( ret ); } - csr->version++; - - if( csr->version != 1 ) + if( csr->version != 0 ) { mbedtls_x509_csr_free( csr ); return( MBEDTLS_ERR_X509_UNKNOWN_VERSION ); } + csr->version++; + /* * subject Name */