mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2024-12-23 00:05:35 +00:00
Fix CRL parsing to avoid infinite loop
This patch modifies the function mbedtls_x509_crl_parse() to ensure that a CRL in PEM format with trailing characters after the footer does not result in the execution of an infinite loop.
This commit is contained in:
parent
cb587009d6
commit
939954c0b0
|
@ -1,5 +1,14 @@
|
|||
mbed TLS ChangeLog (Sorted per branch, date)
|
||||
|
||||
= mbed TLS x.x.x branch released xxxx-xx-xx
|
||||
|
||||
Security
|
||||
* Fixed potential livelock during the parsing of a CRL in PEM format in
|
||||
mbedtls_x509_crl_parse(). A string containing a CRL followed by trailing
|
||||
characters after the footer could result in the execution of an infinite
|
||||
loop. The issue can be triggered remotely. Found by Greg Zaverucha,
|
||||
Microsoft.
|
||||
|
||||
= mbed TLS 2.4.1 branch released 2016-12-13
|
||||
|
||||
Changes
|
||||
|
|
|
@ -530,7 +530,7 @@ int mbedtls_x509_crl_parse( mbedtls_x509_crl *chain, const unsigned char *buf, s
|
|||
|
||||
mbedtls_pem_free( &pem );
|
||||
}
|
||||
else if( ret != MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT )
|
||||
else if( is_pem )
|
||||
{
|
||||
mbedtls_pem_free( &pem );
|
||||
return( ret );
|
||||
|
|
Loading…
Reference in a new issue