| Fix CVE-2015-1182 - Remote attack using crafted certificates. |
| Patch status: from upstream see: |
| https://polarssl.org/tech-updates/security-advisories/polarssl-security-advisory-2014-04 |
| |
| Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> |
| |
| diff --git a/library/asn1parse.c b/library/asn1parse.c |
| index a3a2b56..e2117bf 100644 |
| --- a/library/asn1parse.c |
| +++ b/library/asn1parse.c |
| @@ -278,6 +278,8 @@ int asn1_get_sequence_of( unsigned char **p, |
| if( cur->next == NULL ) |
| return( POLARSSL_ERR_ASN1_MALLOC_FAILED ); |
| |
| + memset( cur->next, 0, sizeof( asn1_sequence ) ); |
| + |
| cur = cur->next; |
| } |
| } |