polarssl: patch CVE-2015-1182

Signed-off-by: Jo-Philipp Wich <jow@openwrt.org> SVN-Revision: 44060
10 years ago · 555492e41a
parent f0d73a4381
commit 555492e41a
2 changed files with 13 additions and 2 deletions
--- a/package/libs/polarssl/Makefile
+++ b/package/libs/polarssl/Makefile
@ -1,5 +1,5 @@
 # 
-# Copyright (C) 2011-2013 OpenWrt.org
+# Copyright (C) 2011-2015 OpenWrt.org
 #
 # This is free software, licensed under the GNU General Public License v2.
 # See /LICENSE for more information.
@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk

 PKG_NAME:=polarssl
 PKG_VERSION:=1.3.9
-PKG_RELEASE:=1
+PKG_RELEASE:=2
 PKG_USE_MIPS16:=0

 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-gpl.tgz
--- a/package/libs/polarssl/patches/300-CVE-2015-1182.patch
+++ b/package/libs/polarssl/patches/300-CVE-2015-1182.patch
@ -0,0 +1,11 @@
+--- a/library/asn1parse.c
+++ b/library/asn1parse.c
+@@ -278,6 +278,8 @@ int asn1_get_sequence_of( unsigned char
+             if( cur->next == NULL )
+                 return( POLARSSL_ERR_ASN1_MALLOC_FAILED );
+ 
+            memset( cur->next, 0, sizeof( asn1_sequence ) );
+
+             cur = cur->next;
+         }
+     }