summaryrefslogtreecommitdiffstats
path: root/package/polarssl/0003-fix-CVE-2015-1182.patch
diff options
context:
space:
mode:
Diffstat (limited to 'package/polarssl/0003-fix-CVE-2015-1182.patch')
-rw-r--r--package/polarssl/0003-fix-CVE-2015-1182.patch19
1 files changed, 19 insertions, 0 deletions
diff --git a/package/polarssl/0003-fix-CVE-2015-1182.patch b/package/polarssl/0003-fix-CVE-2015-1182.patch
new file mode 100644
index 0000000000..9309c9d281
--- /dev/null
+++ b/package/polarssl/0003-fix-CVE-2015-1182.patch
@@ -0,0 +1,19 @@
+Fix CVE-2015-1182 - Remote attack using crafted certificates.
+Patch status: from upstream see:
+https://polarssl.org/tech-updates/security-advisories/polarssl-security-advisory-2014-04
+
+Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
+
+diff --git a/library/asn1parse.c b/library/asn1parse.c
+index a3a2b56..e2117bf 100644
+--- a/library/asn1parse.c
++++ b/library/asn1parse.c
+@@ -278,6 +278,8 @@ int asn1_get_sequence_of( unsigned char **p,
+ if( cur->next == NULL )
+ return( POLARSSL_ERR_ASN1_MALLOC_FAILED );
+
++ memset( cur->next, 0, sizeof( asn1_sequence ) );
++
+ cur = cur->next;
+ }
+ }
OpenPOWER on IntegriCloud