polarssl: add fix for CVE-2015-1182

Fixes CVE-2015-1182 - Remote attack using crafted certificates. Also rename patches to new naming convention. Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2015-01-26 17:29:17 -03:00 · 2015-01-26 17:29:17 -03:00 · d663af559e
commit d663af559e
parent 349c9c7fac
3 changed files with 19 additions and 0 deletions
--- a/package/polarssl/polarssl-0001-no-test-suite.patch
+++ b/package/polarssl/polarssl-0001-no-test-suite.patch
--- a/package/polarssl/polarssl-0002-cmake-use-the-standard-CMake-flag-to-drive-the-share.patch
+++ b/package/polarssl/polarssl-0002-cmake-use-the-standard-CMake-flag-to-drive-the-share.patch
--- a/package/polarssl/0003-fix-CVE-2015-1182.patch
+++ b/package/polarssl/0003-fix-CVE-2015-1182.patch
@ -0,0 +1,19 @@
+Fix CVE-2015-1182 - Remote attack using crafted certificates.
+Patch status: from upstream see:
+https://polarssl.org/tech-updates/security-advisories/polarssl-security-advisory-2014-04
+
+Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
+
+diff --git a/library/asn1parse.c b/library/asn1parse.c
+index a3a2b56..e2117bf 100644
+--- a/library/asn1parse.c
+++ b/library/asn1parse.c
+@@ -278,6 +278,8 @@ int asn1_get_sequence_of( unsigned char **p,
+             if( cur->next == NULL )
+                 return( POLARSSL_ERR_ASN1_MALLOC_FAILED );
+
+            memset( cur->next, 0, sizeof( asn1_sequence ) );
+
+             cur = cur->next;
+         }
+     }