1 files changed, 49 insertions, 0 deletions

diff --git a/dev-libs/openssl/files/openssl-1.0.2-CVE-2015-0209.patch b/dev-libs/openssl/files/openssl-1.0.2-CVE-2015-0209.patch
new file mode 100644
index 000000000000..6d396b42bef5
--- /dev/null
+++ b/dev-libs/openssl/files/openssl-1.0.2-CVE-2015-0209.patch
@@ -0,0 +1,49 @@
+https://bugs.gentoo.org/541502
+
+From 1b4a8df38fc9ab3c089ca5765075ee53ec5bd66a Mon Sep 17 00:00:00 2001
+From: Matt Caswell <matt@openssl.org>
+Date: Mon, 9 Feb 2015 11:38:41 +0000
+Subject: [PATCH] Fix a failure to NULL a pointer freed on error.
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Inspired by BoringSSL commit 517073cd4b by Eric Roman <eroman@chromium.org>
+
+CVE-2015-0209
+
+Reviewed-by: Emilia Käsper <emilia@openssl.org>
+---
+ crypto/ec/ec_asn1.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/crypto/ec/ec_asn1.c b/crypto/ec/ec_asn1.c
+index 30b7df4..d3e8316 100644
+--- a/crypto/ec/ec_asn1.c
++++ b/crypto/ec/ec_asn1.c
+@@ -1014,8 +1014,6 @@ EC_KEY *d2i_ECPrivateKey(EC_KEY **a, const unsigned char **in, long len)
+             ECerr(EC_F_D2I_ECPRIVATEKEY, ERR_R_MALLOC_FAILURE);
+             goto err;
+         }
+-        if (a)
+-            *a = ret;
+     } else
+         ret = *a;
+ 
+@@ -1067,10 +1065,12 @@ EC_KEY *d2i_ECPrivateKey(EC_KEY **a, const unsigned char **in, long len)
+         }
+     }
+ 
++    if (a)
++        *a = ret;
+     ok = 1;
+  err:
+     if (!ok) {
+-        if (ret)
++        if (ret && (a == NULL || *a != ret))
+             EC_KEY_free(ret);
+         ret = NULL;
+     }
+-- 
+2.3.1
+