NetCube-Systems-Austria/kumquat-buildroot
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
33735aec52
kumquat-buildroot/package/polarssl/0003-fix-CVE-2015-1182.patch
Gustavo Zacarias d663af559e polarssl: add fix for CVE-2015-1182 
Fixes CVE-2015-1182 - Remote attack using crafted certificates.
Also rename patches to new naming convention.

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2015-01-26 23:13:44 +01:00

20 lines
656 B
Diff
Raw Blame History

Fix CVE-2015-1182 - Remote attack using crafted certificates.
Patch status: from upstream see:
https://polarssl.org/tech-updates/security-advisories/polarssl-security-advisory-2014-04
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
diff --git a/library/asn1parse.c b/library/asn1parse.c
index a3a2b56..e2117bf 100644
--- a/library/asn1parse.c
+++ b/library/asn1parse.c
@@ -278,6 +278,8 @@ int asn1_get_sequence_of( unsigned char **p,
if( cur->next == NULL )
return( POLARSSL_ERR_ASN1_MALLOC_FAILED );
+ memset( cur->next, 0, sizeof( asn1_sequence ) );
+
cur = cur->next;
}
}
Reference in New Issue View Git Blame Copy Permalink