Commit d663af55 authored by Gustavo Zacarias's avatar Gustavo Zacarias Committed by Peter Korsgaard
Browse files

polarssl: add fix for CVE-2015-1182 



Fixes CVE-2015-1182 - Remote attack using crafted certificates.
Also rename patches to new naming convention.

Signed-off-by: default avatarGustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: default avatarPeter Korsgaard <peter@korsgaard.com>
parent 349c9c7f

package/polarssl/0003-fix-CVE-2015-1182.patch

0 → 100644
+19 −0
Original line number Diff line number Diff line 
Fix CVE-2015-1182 - Remote attack using crafted certificates.

Patch status: from upstream see:

https://polarssl.org/tech-updates/security-advisories/polarssl-security-advisory-2014-04



Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>



diff --git a/library/asn1parse.c b/library/asn1parse.c

index a3a2b56..e2117bf 100644

--- a/library/asn1parse.c

+++ b/library/asn1parse.c

@@ -278,6 +278,8 @@ int asn1_get_sequence_of( unsigned char **p,

             if( cur->next == NULL )

                 return( POLARSSL_ERR_ASN1_MALLOC_FAILED );



+            memset( cur->next, 0, sizeof( asn1_sequence ) );

+

             cur = cur->next;

         }

     }