[PATCH 1 of 3] (issue182) Document applying the patch for CVE-2015-1182

Tue Jan 27 15:19:11 CET 2015

# HG changeset patch
# User Andre Heinecke <andre.heinecke at intevation.de>
# Date 1422368119 -3600
# Node ID e18fccc081f157f46c38ce7ffaac680a38763556
# Parent  9283376283aa956827034c76f40e255a4af89387
(issue182) Document applying the patch for CVE-2015-1182

diff -r 9283376283aa -r e18fccc081f1 INSTALL

--- a/INSTALL	Tue Jan 27 14:09:45 2015 +0100
+++ b/INSTALL	Tue Jan 27 15:15:19 2015 +0100
@@ -79,6 +79,22 @@
    set(CMAKE_C_FLAGS_DEBUG "-g3 -O0")
    set(CMAKE_C_FLAGS_COVERAGE "-g3 -O0 --coverage")
 EOF
+    # Patch for CVE 2015-1182
+    patch -p1 << EOF
+diff --git a/library/asn1parse.c b/library/asn1parse.c
+index a3a2b56..e2117bf 100644
+--- a/library/asn1parse.c
++++ b/library/asn1parse.c
+@@ -278,6 +278,8 @@ int asn1_get_sequence_of( unsigned char **p,
+             if( cur->next == NULL )
+                 return( POLARSSL_ERR_ASN1_MALLOC_FAILED );
+
++            memset( cur->next, 0, sizeof( asn1_sequence ) );
++
+             cur = cur->next;
+         }
+     }
+EOF
 
     mkdir build
     cd build
