Add fix for Polarssl CVE-2015-1182

author: Andre Heinecke <aheinecke@intevation.de> 2015-01-27 13:56:14 (GMT)
committer: Andre Heinecke <aheinecke@intevation.de> 2015-01-27 13:56:14 (GMT)
commit: e15c2f1b47785e903c3882da3bfef30f248dc20e (patch)
tree: d1986e11762df7856baf78ae521fd0802898d8a6 /src/polarssl-1-CVE20151182.patch
parent: e47a4bde7cc13e63e4c4e4cc25353dac94884f7e (diff)
download: mxe-e15c2f1b47785e903c3882da3bfef30f248dc20e.zip
mxe-e15c2f1b47785e903c3882da3bfef30f248dc20e.tar.gz
mxe-e15c2f1b47785e903c3882da3bfef30f248dc20e.tar.bz2
1 files changed, 20 insertions, 0 deletions
diff --git a/src/polarssl-1-CVE20151182.patch b/src/polarssl-1-CVE20151182.patch
new file mode 100644
index 0000000..a5db454
--- /dev/null
+++ b/src/polarssl-1-CVE20151182.patch
@@ -0,0 +1,20 @@
+This file is part of MXE.
+See index.html for further information.
+
+Security fix for CVE-2015-1182 from:
+https://polarssl.org/tech-updates/security-advisories/polarssl-security-advisory-2014-04
+
+
+diff --git a/library/asn1parse.c b/library/asn1parse.c
+index a3a2b56..e2117bf 100644
+--- a/library/asn1parse.c
++++ b/library/asn1parse.c
+@@ -278,6 +278,8 @@ int asn1_get_sequence_of( unsigned char **p,
+             if( cur->next == NULL )
+                 return( POLARSSL_ERR_ASN1_MALLOC_FAILED );
+
++            memset( cur->next, 0, sizeof( asn1_sequence ) );
++
+             cur = cur->next;
+         }
+     }
author	Andre Heinecke <aheinecke@intevation.de>	2015-01-27 13:56:14 (GMT)
committer	Andre Heinecke <aheinecke@intevation.de>	2015-01-27 13:56:14 (GMT)
commit	e15c2f1b47785e903c3882da3bfef30f248dc20e (patch)
tree	d1986e11762df7856baf78ae521fd0802898d8a6 /src/polarssl-1-CVE20151182.patch
parent	e47a4bde7cc13e63e4c4e4cc25353dac94884f7e (diff)
download	mxe-e15c2f1b47785e903c3882da3bfef30f248dc20e.zip mxe-e15c2f1b47785e903c3882da3bfef30f248dc20e.tar.gz mxe-e15c2f1b47785e903c3882da3bfef30f248dc20e.tar.bz2