diff options
author | Li Wang <li.wang@windriver.com> | 2014-08-26 16:33:24 +0800 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2014-08-27 12:12:32 +0100 |
commit | 88a3c93097a7e0024f30e6cb3994c551cdb46401 (patch) | |
tree | edcd24dfb586464ab3ef32a93cafd5b631b3de0b /meta/recipes-support/nss | |
parent | 2e8b7023c08b94537a3d65011f97e93ca11968e5 (diff) | |
download | poky-88a3c93097a7e0024f30e6cb3994c551cdb46401.tar.gz |
nss: CVE-2014-1544
the patch comes from:
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-1544
https://hg.mozilla.org/projects/nss/rev/204f22c527f8
author Robert Relyea <rrelyea@redhat.com>
https://bugzilla.mozilla.org/show_bug.cgi?id=963150
Bug 963150: Add nssCertificate_AddRef and nssCertificate_Destroy calls
to PK11_ImportCert to prevent nssTrustDomain_AddCertsToCache from
freeing the CERTCertificate associated with the NSSCertificate. r=wtc.
(From OE-Core rev: 7ef613c7f4b9e4ff153766f31dae81fc4810c0df)
Signed-off-by: Li Wang <li.wang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-support/nss')
-rw-r--r-- | meta/recipes-support/nss/files/nss-CVE-2014-1544.patch | 41 | ||||
-rw-r--r-- | meta/recipes-support/nss/nss.inc | 1 |
2 files changed, 42 insertions, 0 deletions
diff --git a/meta/recipes-support/nss/files/nss-CVE-2014-1544.patch b/meta/recipes-support/nss/files/nss-CVE-2014-1544.patch new file mode 100644 index 0000000000..d6434dfe23 --- /dev/null +++ b/meta/recipes-support/nss/files/nss-CVE-2014-1544.patch | |||
@@ -0,0 +1,41 @@ | |||
1 | nss: CVE-2014-1544 | ||
2 | |||
3 | the patch comes from: | ||
4 | https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-1544 | ||
5 | https://hg.mozilla.org/projects/nss/rev/204f22c527f8 | ||
6 | |||
7 | author Robert Relyea <rrelyea@redhat.com> | ||
8 | https://bugzilla.mozilla.org/show_bug.cgi?id=963150 | ||
9 | Bug 963150: Add nssCertificate_AddRef and nssCertificate_Destroy calls | ||
10 | to PK11_ImportCert to prevent nssTrustDomain_AddCertsToCache from | ||
11 | freeing the CERTCertificate associated with the NSSCertificate. r=wtc. | ||
12 | |||
13 | Upstream-Status: Pending | ||
14 | Signed-off-by: Li Wang <li.wang@windriver.com> | ||
15 | --- | ||
16 | nss/lib/pk11wrap/pk11cert.c | 7 +++++++ | ||
17 | 1 file changed, 7 insertions(+) | ||
18 | |||
19 | diff --git a/nss/lib/pk11wrap/pk11cert.c b/nss/lib/pk11wrap/pk11cert.c | ||
20 | index 39168b9..3f3edb1 100644 | ||
21 | --- a/nss/lib/pk11wrap/pk11cert.c | ||
22 | +++ b/nss/lib/pk11wrap/pk11cert.c | ||
23 | @@ -981,8 +981,15 @@ PK11_ImportCert(PK11SlotInfo *slot, CERTCertificate *cert, | ||
24 | * CERTCertificate, and finish | ||
25 | */ | ||
26 | nssPKIObject_AddInstance(&c->object, certobj); | ||
27 | + /* nssTrustDomain_AddCertsToCache may release a reference to 'c' and | ||
28 | + * replace 'c' by a different value. So we add a reference to 'c' to | ||
29 | + * prevent 'c' from being destroyed. */ | ||
30 | + nssCertificate_AddRef(c); | ||
31 | nssTrustDomain_AddCertsToCache(STAN_GetDefaultTrustDomain(), &c, 1); | ||
32 | + /* XXX should we pass the original value of 'c' to | ||
33 | + * STAN_ForceCERTCertificateUpdate? */ | ||
34 | (void)STAN_ForceCERTCertificateUpdate(c); | ||
35 | + nssCertificate_Destroy(c); | ||
36 | SECITEM_FreeItem(keyID,PR_TRUE); | ||
37 | return SECSuccess; | ||
38 | loser: | ||
39 | -- | ||
40 | 1.7.9.5 | ||
41 | |||
diff --git a/meta/recipes-support/nss/nss.inc b/meta/recipes-support/nss/nss.inc index 69f98b58cd..d706c43cab 100644 --- a/meta/recipes-support/nss/nss.inc +++ b/meta/recipes-support/nss/nss.inc | |||
@@ -22,6 +22,7 @@ SRC_URI = "\ | |||
22 | file://nss-CVE-2013-1740.patch \ | 22 | file://nss-CVE-2013-1740.patch \ |
23 | file://nss-3.15.1-fix-CVE-2013-1739.patch \ | 23 | file://nss-3.15.1-fix-CVE-2013-1739.patch \ |
24 | file://nss-CVE-2013-5606.patch \ | 24 | file://nss-CVE-2013-5606.patch \ |
25 | file://nss-CVE-2014-1544.patch \ | ||
25 | " | 26 | " |
26 | SRC_URI_append_class-target = "\ | 27 | SRC_URI_append_class-target = "\ |
27 | file://nss.pc.in \ | 28 | file://nss.pc.in \ |