summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorLi Wang <li.wang@windriver.com>2014-08-26 16:33:24 +0800
committerRichard Purdie <richard.purdie@linuxfoundation.org>2014-10-10 15:06:05 +0100
commit65ed47e597609be3c740e383ca6c5a740fa7760a (patch)
treef1e651cad08aa78dd72a68e7e98d5170dee6a037
parent608ac7794f3f1f1c42459373125f3ff4aaeb563a (diff)
downloadpoky-65ed47e597609be3c740e383ca6c5a740fa7760a.tar.gz
nss: CVE-2014-1544
the patch comes from: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-1544 https://hg.mozilla.org/projects/nss/rev/204f22c527f8 author Robert Relyea <rrelyea@redhat.com> https://bugzilla.mozilla.org/show_bug.cgi?id=963150 Bug 963150: Add nssCertificate_AddRef and nssCertificate_Destroy calls to PK11_ImportCert to prevent nssTrustDomain_AddCertsToCache from freeing the CERTCertificate associated with the NSSCertificate. r=wtc. (From OE-Core rev: 7ef613c7f4b9e4ff153766f31dae81fc4810c0df) (From OE-Core rev: 7e4f3f167c40c09bf2c32f5e366a8fad3c66b74b) Signed-off-by: Li Wang <li.wang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat
-rw-r--r--meta/recipes-support/nss/files/nss-CVE-2014-1544.patch41
-rw-r--r--meta/recipes-support/nss/nss.inc1
2 files changed, 42 insertions, 0 deletions
diff --git a/meta/recipes-support/nss/files/nss-CVE-2014-1544.patch b/meta/recipes-support/nss/files/nss-CVE-2014-1544.patch
new file mode 100644
index 0000000000..d6434dfe23
--- /dev/null
+++ b/meta/recipes-support/nss/files/nss-CVE-2014-1544.patch
@@ -0,0 +1,41 @@
1nss: CVE-2014-1544
2
3the patch comes from:
4https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-1544
5https://hg.mozilla.org/projects/nss/rev/204f22c527f8
6
7author Robert Relyea <rrelyea@redhat.com>
8https://bugzilla.mozilla.org/show_bug.cgi?id=963150
9Bug 963150: Add nssCertificate_AddRef and nssCertificate_Destroy calls
10to PK11_ImportCert to prevent nssTrustDomain_AddCertsToCache from
11freeing the CERTCertificate associated with the NSSCertificate. r=wtc.
12
13Upstream-Status: Pending
14Signed-off-by: Li Wang <li.wang@windriver.com>
15---
16 nss/lib/pk11wrap/pk11cert.c | 7 +++++++
17 1 file changed, 7 insertions(+)
18
19diff --git a/nss/lib/pk11wrap/pk11cert.c b/nss/lib/pk11wrap/pk11cert.c
20index 39168b9..3f3edb1 100644
21--- a/nss/lib/pk11wrap/pk11cert.c
22+++ b/nss/lib/pk11wrap/pk11cert.c
23@@ -981,8 +981,15 @@ PK11_ImportCert(PK11SlotInfo *slot, CERTCertificate *cert,
24 * CERTCertificate, and finish
25 */
26 nssPKIObject_AddInstance(&c->object, certobj);
27+ /* nssTrustDomain_AddCertsToCache may release a reference to 'c' and
28+ * replace 'c' by a different value. So we add a reference to 'c' to
29+ * prevent 'c' from being destroyed. */
30+ nssCertificate_AddRef(c);
31 nssTrustDomain_AddCertsToCache(STAN_GetDefaultTrustDomain(), &c, 1);
32+ /* XXX should we pass the original value of 'c' to
33+ * STAN_ForceCERTCertificateUpdate? */
34 (void)STAN_ForceCERTCertificateUpdate(c);
35+ nssCertificate_Destroy(c);
36 SECITEM_FreeItem(keyID,PR_TRUE);
37 return SECSuccess;
38 loser:
39--
401.7.9.5
41
diff --git a/meta/recipes-support/nss/nss.inc b/meta/recipes-support/nss/nss.inc
index ce7d4a4b27..6b7036dd98 100644
--- a/meta/recipes-support/nss/nss.inc
+++ b/meta/recipes-support/nss/nss.inc
@@ -22,6 +22,7 @@ SRC_URI = "\
22 file://nss-CVE-2013-1740.patch \ 22 file://nss-CVE-2013-1740.patch \
23 file://nss-3.15.1-fix-CVE-2013-1739.patch \ 23 file://nss-3.15.1-fix-CVE-2013-1739.patch \
24 file://nss-CVE-2013-5606.patch \ 24 file://nss-CVE-2013-5606.patch \
25 file://nss-CVE-2014-1544.patch \
25" 26"
26SRC_URI_append_class-target = "\ 27SRC_URI_append_class-target = "\
27 file://nss.pc.in \ 28 file://nss.pc.in \
generated by cgit v1.2.3-54-g00ecf (git 2.39.0) at 2024-05-09 01:52:50 +0000