Mercurial > trustbridge
changeset 1400:e18fccc081f1
(issue182) Document applying the patch for CVE-2015-1182
| author | Andre Heinecke <andre.heinecke@intevation.de> |
|---|---|
| date | Tue, 27 Jan 2015 15:15:19 +0100 |
| parents | 9283376283aa |
| children | ee807f64e21e |
| files | INSTALL |
| diffstat | 1 files changed, 16 insertions(+), 0 deletions(-) [+] |
line wrap: on
line diff
--- a/INSTALL Tue Jan 27 14:09:45 2015 +0100 +++ b/INSTALL Tue Jan 27 15:15:19 2015 +0100 @@ -79,6 +79,22 @@ set(CMAKE_C_FLAGS_DEBUG "-g3 -O0") set(CMAKE_C_FLAGS_COVERAGE "-g3 -O0 --coverage") EOF + # Patch for CVE 2015-1182 + patch -p1 << EOF +diff --git a/library/asn1parse.c b/library/asn1parse.c +index a3a2b56..e2117bf 100644 +--- a/library/asn1parse.c ++++ b/library/asn1parse.c +@@ -278,6 +278,8 @@ int asn1_get_sequence_of( unsigned char **p, + if( cur->next == NULL ) + return( POLARSSL_ERR_ASN1_MALLOC_FAILED ); + ++ memset( cur->next, 0, sizeof( asn1_sequence ) ); ++ + cur = cur->next; + } + } +EOF mkdir build cd build