Merge branch 'tmp-reset-after-free' into 'master'

Automatically NULLify after gnutls_free()

See merge request gnutls/gnutls!923

1 files changed, 13 insertions, 0 deletions

diff --git a/NEWS b/NEWS
index 83d9b321a7..63b99641d7 100644
--- a/NEWS
+++ b/NEWS
@@ -7,6 +7,19 @@ See the end for copying conditions.
 
 * Version 3.6.7 (unreleased)
 
+** libgnutls, gnutls tools: Every gnutls_free() will automatically set
+   the free'd pointer to NULL. This prevents possible use-after-free and
+   double free issues. Use-after-free will be turned into NULL dereference.
+   The counter-measure does not extend to applications using gnutls_free().
+
+** libgnutls, gnutls tools: Every gnutls_free() will automatically set
+   the free'd pointer to NULL. This prevents possible use-after-free and
+   double free issues. Use-after-free will be turned into NULL dereference,
+   effectively turning harmful attacks like remote-code-executions (RCE) into
+   segmentation faults. Double frees may also be used to achieve RCEs - turning
+   them into no-ops counter measures this attack at this point. 
+   This measurement is only active when building libgnutls and the gnutls tools.
+   
 ** libgnutls: enforce key usage limitations on certificates more actively.
    Previously we would enforce it for TLS1.2 protocol, now we enforce it
    even when TLS1.3 is negotiated, or on client certificates as well. When