package/polarssl/0003-fix-CVE-2015-1182.patch - buildroot - Git at Google

 Fix CVE-2015-1182 - Remote attack using crafted certificates.
 Patch status: from upstream see:
 https://polarssl.org/tech-updates/security-advisories/polarssl-security-advisory-2014-04

 Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>

 diff --git a/library/asn1parse.c b/library/asn1parse.c
 index a3a2b56..e2117bf 100644
 --- a/library/asn1parse.c
 +++ b/library/asn1parse.c
 @@ -278,6 +278,8 @@ int asn1_get_sequence_of( unsigned char **p,
              if( cur->next == NULL )
                  return( POLARSSL_ERR_ASN1_MALLOC_FAILED );

 +            memset( cur->next, 0, sizeof( asn1_sequence ) );
 +
              cur = cur->next;
          }
      }
	Fix CVE-2015-1182 - Remote attack using crafted certificates.
	Patch status: from upstream see:
	https://polarssl.org/tech-updates/security-advisories/polarssl-security-advisory-2014-04

	Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>

	diff --git a/library/asn1parse.c b/library/asn1parse.c
	index a3a2b56..e2117bf 100644
	--- a/library/asn1parse.c
	+++ b/library/asn1parse.c
	@@ -278,6 +278,8 @@ int asn1_get_sequence_of( unsigned char **p,
	if( cur->next == NULL )
	return( POLARSSL_ERR_ASN1_MALLOC_FAILED );

	+ memset( cur->next, 0, sizeof( asn1_sequence ) );
	+
	cur = cur->next;
	}
	}