Fix CRL parsing to avoid infinite loop

This patch modifies the function mbedtls_x509_crl_parse() to ensure
that a CRL in PEM format with trailing characters after the footer does
not result in the execution of an infinite loop.

ChangeLog

@@ -1,5 +1,14 @@
 mbed TLS ChangeLog (Sorted per branch, date)
 
+= mbed TLS x.x.x branch released xxxx-xx-xx
+
+Security
+   * Fixed potential livelock during the parsing of a CRL in PEM format in
+     mbedtls_x509_crl_parse(). A string containing a CRL followed by trailing
+     characters after the footer could result in the execution of an infinite
+     loop. The issue can be triggered remotely. Found by Greg Zaverucha,
+     Microsoft.
+
 = mbed TLS 1.3.18 branch 2016-10-17
 
 Security

library/x509_crl.c

@@ -525,7 +525,7 @@ int x509_crl_parse( x509_crl *chain, const unsigned char *buf, size_t buflen )
 
             pem_free( &pem );
         }
-        else if( ret != POLARSSL_ERR_PEM_NO_HEADER_FOOTER_PRESENT )
+        else if( is_pem )
         {
             pem_free( &pem );
             return( ret );