diff options
| author | Timothy Gu <timothygu99@gmail.com> | 2015-01-27 16:08:04 (GMT) |
|---|---|---|
| committer | Timothy Gu <timothygu99@gmail.com> | 2015-01-27 16:08:04 (GMT) |
| commit | d44b78cc7e072d36230accac8edd6ca411e25bcd (patch) | |
| tree | d1986e11762df7856baf78ae521fd0802898d8a6 | |
| parent | e47a4bde7cc13e63e4c4e4cc25353dac94884f7e (diff) | |
| parent | e15c2f1b47785e903c3882da3bfef30f248dc20e (diff) | |
| download | mxe-d44b78cc7e072d36230accac8edd6ca411e25bcd.zip mxe-d44b78cc7e072d36230accac8edd6ca411e25bcd.tar.gz mxe-d44b78cc7e072d36230accac8edd6ca411e25bcd.tar.bz2 | |
Merge pull request #614 from Intevation/polarssl-cve-2015-1182
Add fix for Polarssl CVE-2015-1182
| -rw-r--r-- | src/polarssl-1-CVE20151182.patch | 20 |
1 files changed, 20 insertions, 0 deletions
diff --git a/src/polarssl-1-CVE20151182.patch b/src/polarssl-1-CVE20151182.patch new file mode 100644 index 0000000..a5db454 --- /dev/null +++ b/src/polarssl-1-CVE20151182.patch @@ -0,0 +1,20 @@ +This file is part of MXE. +See index.html for further information. + +Security fix for CVE-2015-1182 from: +https://polarssl.org/tech-updates/security-advisories/polarssl-security-advisory-2014-04 + + +diff --git a/library/asn1parse.c b/library/asn1parse.c +index a3a2b56..e2117bf 100644 +--- a/library/asn1parse.c ++++ b/library/asn1parse.c +@@ -278,6 +278,8 @@ int asn1_get_sequence_of( unsigned char **p, + if( cur->next == NULL ) + return( POLARSSL_ERR_ASN1_MALLOC_FAILED ); + ++ memset( cur->next, 0, sizeof( asn1_sequence ) ); ++ + cur = cur->next; + } + } |