summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authoryzhu1 <yanjun.zhu@windriver.com>2014-06-18 05:41:30 -0400
committerRichard Purdie <richard.purdie@linuxfoundation.org>2014-06-24 19:54:11 +0100
commit953b01e1de5de8076de326008293c89be30bb3d1 (patch)
treec02a462044bc45878ddd5275ad22be4c3510bfc5
parentb2aa82c4823900582a0a4b784c85e91515cc79fe (diff)
downloadpoky-953b01e1de5de8076de326008293c89be30bb3d1.tar.gz
nss-3.15.1: fix CVE-2013-1739
Mozilla Network Security Services (NSS) before 3.15.2 does not ensure that data structures are initialized before read operations, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger a decryption failure. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1739 (From OE-Core rev: 9b43af77d112e75fa9827a9080b7e94f41f9a116) Signed-off-by: yzhu1 <yanjun.zhu@windriver.com> Signed-off-by: Jackie Huang <jackie.huang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
-rw-r--r--meta/recipes-support/nss/files/nss-3.15.1-fix-CVE-2013-1739.patch81
-rw-r--r--meta/recipes-support/nss/nss.inc1
2 files changed, 82 insertions, 0 deletions
diff --git a/meta/recipes-support/nss/files/nss-3.15.1-fix-CVE-2013-1739.patch b/meta/recipes-support/nss/files/nss-3.15.1-fix-CVE-2013-1739.patch
new file mode 100644
index 0000000000..1a159c3934
--- /dev/null
+++ b/meta/recipes-support/nss/files/nss-3.15.1-fix-CVE-2013-1739.patch
@@ -0,0 +1,81 @@
1Upstream-Status: Backport
2Signed-off-by: yzhu1 <yanjun.zhu@windriver.com>
3
4--- a/nss/lib/ssl/ssl3con.c
5+++ b/nss/lib/ssl/ssl3con.c
6@@ -10509,7 +10509,7 @@ ssl_RemoveSSLv3CBCPadding(sslBuffer *pla
7 /* SSLv3 padding bytes are random and cannot be checked. */
8 t = plaintext->len;
9 t -= paddingLength+overhead;
10- /* If len >= padding_length+overhead then the MSB of t is zero. */
11+ /* If len >= paddingLength+overhead then the MSB of t is zero. */
12 good = DUPLICATE_MSB_TO_ALL(~t);
13 /* SSLv3 requires that the padding is minimal. */
14 t = blockSize - (paddingLength+1);
15@@ -10742,7 +10742,7 @@ ssl3_HandleRecord(sslSocket *ss, SSL3Cip
16 }
17 }
18
19- good = (unsigned)-1;
20+ good = ~0U;
21 minLength = crSpec->mac_size;
22 if (cipher_def->type == type_block) {
23 /* CBC records have a padding length byte at the end. */
24@@ -10756,14 +10756,7 @@ ssl3_HandleRecord(sslSocket *ss, SSL3Cip
25 /* We can perform this test in variable time because the record's total
26 * length and the ciphersuite are both public knowledge. */
27 if (cText->buf->len < minLength) {
28- SSL_DBG(("%d: SSL3[%d]: HandleRecord, record too small.",
29- SSL_GETPID(), ss->fd));
30- /* must not hold spec lock when calling SSL3_SendAlert. */
31- ssl_ReleaseSpecReadLock(ss);
32- SSL3_SendAlert(ss, alert_fatal, bad_record_mac);
33- /* always log mac error, in case attacker can read server logs. */
34- PORT_SetError(SSL_ERROR_BAD_MAC_READ);
35- return SECFailure;
36+ goto decrypt_loser;
37 }
38
39 if (cipher_def->type == type_block &&
40@@ -10831,11 +10824,18 @@ ssl3_HandleRecord(sslSocket *ss, SSL3Cip
41 return SECFailure;
42 }
43
44+ if (cipher_def->type == type_block &&
45+ ((cText->buf->len - ivLen) % cipher_def->block_size) != 0) {
46+ goto decrypt_loser;
47+ }
48+
49 /* decrypt from cText buf to plaintext. */
50 rv = crSpec->decode(
51 crSpec->decodeContext, plaintext->buf, (int *)&plaintext->len,
52 plaintext->space, cText->buf->buf + ivLen, cText->buf->len - ivLen);
53- good &= SECStatusToMask(rv);
54+ if (rv != SECSuccess) {
55+ goto decrypt_loser;
56+ }
57
58 PRINT_BUF(80, (ss, "cleartext:", plaintext->buf, plaintext->len));
59
60@@ -10843,7 +10843,7 @@ ssl3_HandleRecord(sslSocket *ss, SSL3Cip
61
62 /* If it's a block cipher, check and strip the padding. */
63 if (cipher_def->type == type_block) {
64- const unsigned int blockSize = cipher_def->iv_size;
65+ const unsigned int blockSize = cipher_def->block_size;
66 const unsigned int macSize = crSpec->mac_size;
67
68 if (crSpec->version <= SSL_LIBRARY_VERSION_3_0) {
69@@ -10899,10 +10899,11 @@ ssl3_HandleRecord(sslSocket *ss, SSL3Cip
70 }
71
72 if (good == 0) {
73+decrypt_loser:
74 /* must not hold spec lock when calling SSL3_SendAlert. */
75 ssl_ReleaseSpecReadLock(ss);
76
77- SSL_DBG(("%d: SSL3[%d]: mac check failed", SSL_GETPID(), ss->fd));
78+ SSL_DBG(("%d: SSL3[%d]: decryption failed", SSL_GETPID(), ss->fd));
79
80 if (!IS_DTLS(ss)) {
81 SSL3_SendAlert(ss, alert_fatal, bad_record_mac);
diff --git a/meta/recipes-support/nss/nss.inc b/meta/recipes-support/nss/nss.inc
index 5afd63914b..cc9e7b9cd2 100644
--- a/meta/recipes-support/nss/nss.inc
+++ b/meta/recipes-support/nss/nss.inc
@@ -20,6 +20,7 @@ SRC_URI = "\
20 file://nss-3.15.1-fix-CVE-2013-5605.patch \ 20 file://nss-3.15.1-fix-CVE-2013-5605.patch \
21 file://nss-CVE-2014-1492.patch \ 21 file://nss-CVE-2014-1492.patch \
22 file://nss-CVE-2013-1740.patch \ 22 file://nss-CVE-2013-1740.patch \
23 file://nss-3.15.1-fix-CVE-2013-1739.patch \
23" 24"
24SRC_URI_append_class-target = "\ 25SRC_URI_append_class-target = "\
25 file://nss.pc.in \ 26 file://nss.pc.in \