Patch PolarSSL for CVE-2015-1182.

An error during parsing of an ASN.1 sequence (triggerable during certificate parsing) results in an uninitialized pointer being freed. https://polarssl.org/tech-updates/security-advisories/polarssl-security-advisory-2014-04
2015-01-20 09:47:47 +00:00 · 2015-01-20 09:47:47 +00:00 · 86fd5c1df2
commit 86fd5c1df2
parent 193c3ed76a
2 changed files with 17 additions and 2 deletions
--- a/security/polarssl/Makefile
+++ b/security/polarssl/Makefile
@ -1,9 +1,9 @@
-# $OpenBSD: Makefile,v 1.5 2014/11/05 09:40:05 dcoppa Exp $
+# $OpenBSD: Makefile,v 1.6 2015/01/20 09:47:47 sthen Exp $

 COMMENT=	SSL library with an intuitive API and readable source code

 DISTNAME=	polarssl-1.3.9
-REVISION=	0
+REVISION=	1
 EXTRACT_SUFX=	-gpl.tgz

 # check SOVERSION
--- a/security/polarssl/patches/patch-library_asn1parse_c
+++ b/security/polarssl/patches/patch-library_asn1parse_c
@ -0,0 +1,15 @@
+$OpenBSD: patch-library_asn1parse_c,v 1.1 2015/01/20 09:47:47 sthen Exp $
+
+https://polarssl.org/tech-updates/security-advisories/polarssl-security-advisory-2014-04
+
+--- library/asn1parse.c.orig	Tue Jan 20 09:44:16 2015
+++ library/asn1parse.c	Tue Jan 20 09:44:24 2015
+@@ -278,6 +278,8 @@ int asn1_get_sequence_of( unsigned char **p,
+             if( cur->next == NULL )
+                 return( POLARSSL_ERR_ASN1_MALLOC_FAILED );
+ 
+            memset( cur->next, 0, sizeof( asn1_sequence ) );
+
+             cur = cur->next;
+         }
+     }