nss: CVE-2013-5606

the patch comes from: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-5606 https://bugzilla.mozilla.org/show_bug.cgi?id=910438 http://hg.mozilla.org/projects/nss/rev/d29898e0981c The CERT_VerifyCert function in lib/certhigh/certvfy.c in Mozilla Network Security Services (NSS) 3.15 before 3.15.3 provides an unexpected return value for an incompatible key-usage certificate when the CERTVerifyLog argument is valid, which might allow remote attackers to bypass intended access restrictions via a crafted certificate. (From OE-Core rev: 1e153b1b21276d56144add464d592cd7b96a4ede) (From OE-Core rev: e2c81356f68eb0b77408e73f01df5bc5c9f2adb3) Signed-off-by: Li Wang <li.wang@windriver.com> Signed-off-by: Jackie Huang <jackie.huang@windriver.com> Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Conflicts: meta/recipes-support/nss/nss.inc
author: Li Wang <li.wang@windriver.com> 2014-07-28 02:50:42 -0400
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2014-09-29 12:02:39 +0100
commit: 1d04721fe8ea1f51e77548fb8d328112ca10eba2 (patch)
tree: 5fb096176f54fdcf2bbaa0c1a48b32695c4c2e73
parent: a4d8015687cf9ddd6ef563e29cf840698f81c099 (diff)
download: poky-1d04721fe8ea1f51e77548fb8d328112ca10eba2.tar.gz
2 files changed, 50 insertions, 0 deletions
diff --git a/meta/recipes-support/nss/files/nss-CVE-2013-5606.patch b/meta/recipes-support/nss/files/nss-CVE-2013-5606.patch
new file mode 100644
index 0000000000..f30475b16b
--- /dev/null
+++ b/meta/recipes-support/nss/files/nss-CVE-2013-5606.patch
@@ -0,0 +1,48 @@
+nss: CVE-2013-5606
+Upstream-Status: Backport
+the patch comes from:
+http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-5606
+https://bugzilla.mozilla.org/show_bug.cgi?id=910438
+http://hg.mozilla.org/projects/nss/rev/d29898e0981c
+The CERT_VerifyCert function in lib/certhigh/certvfy.c in
+Mozilla Network Security Services (NSS) 3.15 before 3.15.3 provides
+an unexpected return value for an incompatible key-usage certificate
+when the CERTVerifyLog argument is valid, which might allow remote
+attackers to bypass intended access restrictions via a crafted certificate.
+Signed-off-by: Li Wang <li.wang@windriver.com>
+---
+ nss/lib/certhigh/certvfy.c |    7 +++++--
+ 1 file changed, 5 insertions(+), 2 deletions(-)
+diff --git a/nss/lib/certhigh/certvfy.c b/nss/lib/certhigh/certvfy.c
+index f364ceb..f450205 100644
+--- a/nss/lib/certhigh/certvfy.c
+++ b/nss/lib/certhigh/certvfy.c
+@@ -1312,7 +1312,7 @@ CERT_VerifyCert(CERTCertDBHandle *handle, CERTCertificate *cert,
+        PORT_SetError(SEC_ERROR_UNTRUSTED_CERT);
+        LOG_ERROR_OR_EXIT(log,cert,0,flags);
+     } else if (trusted) {
+-       goto winner;
+       goto done;
+     }
+ 
+ 
+@@ -1340,7 +1340,10 @@ CERT_VerifyCert(CERTCertDBHandle *handle, CERTCertificate *cert,
+        }
+     }
+ 
+-winner:
+done:
+    if (log && log->head) {
+        return SECFailure;
+    }
+     return(SECSuccess);
+ 
+ loser:
+-- 
+1.7.9.5
diff --git a/meta/recipes-support/nss/nss.inc b/meta/recipes-support/nss/nss.inc
index 5afd63914b..ce7d4a4b27 100644
--- a/meta/recipes-support/nss/nss.inc
+++ b/meta/recipes-support/nss/nss.inc
@@ -20,6 +20,8 @@ SRC_URI = "\
    file://nss-3.15.1-fix-CVE-2013-5605.patch \
    file://nss-CVE-2014-1492.patch \
    file://nss-CVE-2013-1740.patch \
+    file://nss-3.15.1-fix-CVE-2013-1739.patch \
+    file://nss-CVE-2013-5606.patch \
 "
 SRC_URI_append_class-target = "\
    file://nss.pc.in \
author	Li Wang <li.wang@windriver.com>	2014-07-28 02:50:42 -0400
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2014-09-29 12:02:39 +0100
commit	1d04721fe8ea1f51e77548fb8d328112ca10eba2 (patch)
tree	5fb096176f54fdcf2bbaa0c1a48b32695c4c2e73
parent	a4d8015687cf9ddd6ef563e29cf840698f81c099 (diff)
download	poky-1d04721fe8ea1f51e77548fb8d328112ca10eba2.tar.gz

diff --git a/meta/recipes-support/nss/files/nss-CVE-2013-5606.patch b/meta/recipes-support/nss/files/nss-CVE-2013-5606.patch new file mode 100644 index 0000000000..f30475b16b --- /dev/null +++ b/meta/recipes-support/nss/files/nss-CVE-2013-5606.patch
@@ -0,0 +1,48 @@
		1	nss: CVE-2013-5606
		2
		3	Upstream-Status: Backport
		4
		5	the patch comes from:
		6	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-5606
		7	https://bugzilla.mozilla.org/show_bug.cgi?id=910438
		8	http://hg.mozilla.org/projects/nss/rev/d29898e0981c
		9
		10	The CERT_VerifyCert function in lib/certhigh/certvfy.c in
		11	Mozilla Network Security Services (NSS) 3.15 before 3.15.3 provides
		12	an unexpected return value for an incompatible key-usage certificate
		13	when the CERTVerifyLog argument is valid, which might allow remote
		14	attackers to bypass intended access restrictions via a crafted certificate.
		15
		16	Signed-off-by: Li Wang <li.wang@windriver.com>
		17	---
		18	nss/lib/certhigh/certvfy.c \| 7 +++++--
		19	1 file changed, 5 insertions(+), 2 deletions(-)
		20
		21	diff --git a/nss/lib/certhigh/certvfy.c b/nss/lib/certhigh/certvfy.c
		22	index f364ceb..f450205 100644
		23	--- a/nss/lib/certhigh/certvfy.c
		24	+++ b/nss/lib/certhigh/certvfy.c
		25	@@ -1312,7 +1312,7 @@ CERT_VerifyCert(CERTCertDBHandle handle, CERTCertificate cert,
		26	PORT_SetError(SEC_ERROR_UNTRUSTED_CERT);
		27	LOG_ERROR_OR_EXIT(log,cert,0,flags);
		28	} else if (trusted) {
		29	- goto winner;
		30	+ goto done;
		31	}
		32
		33
		34	@@ -1340,7 +1340,10 @@ CERT_VerifyCert(CERTCertDBHandle handle, CERTCertificate cert,
		35	}
		36	}
		37
		38	-winner:
		39	+done:
		40	+ if (log && log->head) {
		41	+ return SECFailure;
		42	+ }
		43	return(SECSuccess);
		44
		45	loser:
		46	--
		47	1.7.9.5
		48


diff --git a/meta/recipes-support/nss/nss.inc b/meta/recipes-support/nss/nss.inc index 5afd63914b..ce7d4a4b27 100644 --- a/meta/recipes-support/nss/nss.inc +++ b/meta/recipes-support/nss/nss.inc
@@ -20,6 +20,8 @@ SRC_URI = "\
20	file://nss-3.15.1-fix-CVE-2013-5605.patch \	20	file://nss-3.15.1-fix-CVE-2013-5605.patch \
21	file://nss-CVE-2014-1492.patch \	21	file://nss-CVE-2014-1492.patch \
22	file://nss-CVE-2013-1740.patch \	22	file://nss-CVE-2013-1740.patch \
		23	file://nss-3.15.1-fix-CVE-2013-1739.patch \
		24	file://nss-CVE-2013-5606.patch \
23	"	25	"
24	SRC_URI_append_class-target = "\	26	SRC_URI_append_class-target = "\
25	file://nss.pc.in \	27	file://nss.pc.in \