File polarssl-CVE-2015-1182.patch of Package polarssl

Overview Repositories Revisions Requests Users Attributes Meta

File polarssl-CVE-2015-1182.patch of Package polarssl

Description: Remote attack using crafted certificates
 During the parsing of a ASN.1 sequence, a pointer in the linked list of
 asn1_sequence is not initialized by asn1_get_sequence_of(). In case an
 error occurs during parsing of the list, a situation is created where
 the uninitialized pointer is passed to polarssl_free().
 .
 This sequence can be triggered when a PolarSSL entity is parsing a
 certificate. So practically this means clients when receiving a
 certificate from the server or servers in case they are actively asking
 for a client certificate.
 .
 Depending on the attackers knowledge of the system under attack, this
 results at the lowest into a denial of service, and at the most a
 possible remote code execution.
 .
 CVE-2015-1182
Origin: upstream, https://polarssl.org/tech-updates/security-advisories/polarssl-security-advisory-2014-04
Bug-Debian: https://bugs.debian.org/775776
Forwarded: not-needed
Author: Salvatore Bonaccorso <carnil@debian.org>
Last-Update: 2015-01-21

Index: library/asn1parse.c
===================================================================
--- library/asn1parse.c.orig
+++ library/asn1parse.c
@@ -278,6 +278,8 @@ int asn1_get_sequence_of( unsigned char
             if( cur->next == NULL )
                 return( POLARSSL_ERR_ASN1_MALLOC_FAILED );
 
+            memset( cur->next, 0, sizeof( asn1_sequence ) );
+
             cur = cur->next;
         }
     }

Places

File polarssl-CVE-2015-1182.patch of Package polarssl

Places