Merge branch 'iotssl-517-double-free-restricted' into development-restricted

* iotssl-517-double-free-restricted: Fix potential double-free in ssl_conf_psk()
2026-02-19 00:39:46 +00:00 · 2015-11-02 11:03:32 +09:00
parent ce0e3f7f5c 173c790722
commit f8b2442e2f
2 changed files with 5 additions and 0 deletions
--- a/3
+++ b/3
@@ -3,6 +3,9 @@ mbed TLS ChangeLog (Sorted per branch, date)
 = mbed TLS 2.2.0 released 2015-10-xx

 Security
+   * Fix potential double free if mbedtls_ssl_conf_psk() is called more than
+     once and some allocation fails. Cannot be forced remotely. Found by Guido
+     Vranken, Intelworks.
   * The X509 max_pathlen constraint was not enforced on intermediate
     certificates. Found by Nicholas Wilson, fix and tests provided by
     Janos Follath. #280 and #319