Fix potential integer overflow parsing DER CRL
This patch prevents a potential signed integer overflow during the CRL version verification checks.
This commit is contained in:
parent
2dfb02151d
commit
ce49a25033
1 changed files with 4 additions and 0 deletions
|
@ -13,6 +13,10 @@ Bugfix
|
||||||
Found by redplait #590
|
Found by redplait #590
|
||||||
* Add MBEDTLS_MPI_CHK to check for error value of mbedtls_mpi_fill_random.
|
* Add MBEDTLS_MPI_CHK to check for error value of mbedtls_mpi_fill_random.
|
||||||
Reported and fix suggested by guidovranken in #740
|
Reported and fix suggested by guidovranken in #740
|
||||||
|
* Fix a potential integer overflow in the version verification for DER
|
||||||
|
encoded X509 CRLs. The overflow would enable maliciously constructed CRLs
|
||||||
|
to bypass the version verification check. Found by Peng Li/Yueh-Hsun Lin,
|
||||||
|
KNOX Security, Samsung Research America
|
||||||
|
|
||||||
Security
|
Security
|
||||||
* Fix authentication bypass in SSL/TLS: when auth_mode is set to optional,
|
* Fix authentication bypass in SSL/TLS: when auth_mode is set to optional,
|
||||||
|
|
Loading…
Reference in a new issue