1Security 2 * Fix a bug in Mbedtls_asn1_store_named_data() where it would sometimes leave 3 an item in the output list in an inconsistent state with val.p == NULL but 4 val.len > 0. This impacts applications that call this function directly, 5 or indirectly via mbedtls_x509_string_to_names() or onr of the 6 mbedtls_x509write_{crt, csr}_set_{subject,issuer}_name() functions. The 7 inconsistent state of the outputcould then cause a NULL dereference either 8 inside the same call to mbedtls_x509_string_to_names(), or in subsequent 9 users of the output structure, such as mbedtls_x509_write_names(). This 10 only affects applications that creat (as opposed to consume) X.509 11 certificates, CSRs or CRLS, or that call mbedtls_asn1_store_named_data() 12 directly. Found by Linh Le and Ngan Nguyen from Calif.