diff options
author | yzhu1 <yanjun.zhu@windriver.com> | 2014-06-18 05:41:30 -0400 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2014-06-24 19:54:11 +0100 |
commit | 953b01e1de5de8076de326008293c89be30bb3d1 (patch) | |
tree | c02a462044bc45878ddd5275ad22be4c3510bfc5 /meta/recipes-support/nss | |
parent | b2aa82c4823900582a0a4b784c85e91515cc79fe (diff) | |
download | poky-953b01e1de5de8076de326008293c89be30bb3d1.tar.gz |
nss-3.15.1: fix CVE-2013-1739
Mozilla Network Security Services (NSS) before 3.15.2 does
not ensure that data structures are initialized before
read operations, which allows remote attackers to cause a
denial of service or possibly have unspecified other
impact via vectors that trigger a decryption failure.
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1739
(From OE-Core rev: 9b43af77d112e75fa9827a9080b7e94f41f9a116)
Signed-off-by: yzhu1 <yanjun.zhu@windriver.com>
Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-support/nss')
-rw-r--r-- | meta/recipes-support/nss/files/nss-3.15.1-fix-CVE-2013-1739.patch | 81 | ||||
-rw-r--r-- | meta/recipes-support/nss/nss.inc | 1 |
2 files changed, 82 insertions, 0 deletions
diff --git a/meta/recipes-support/nss/files/nss-3.15.1-fix-CVE-2013-1739.patch b/meta/recipes-support/nss/files/nss-3.15.1-fix-CVE-2013-1739.patch new file mode 100644 index 0000000000..1a159c3934 --- /dev/null +++ b/meta/recipes-support/nss/files/nss-3.15.1-fix-CVE-2013-1739.patch | |||
@@ -0,0 +1,81 @@ | |||
1 | Upstream-Status: Backport | ||
2 | Signed-off-by: yzhu1 <yanjun.zhu@windriver.com> | ||
3 | |||
4 | --- a/nss/lib/ssl/ssl3con.c | ||
5 | +++ b/nss/lib/ssl/ssl3con.c | ||
6 | @@ -10509,7 +10509,7 @@ ssl_RemoveSSLv3CBCPadding(sslBuffer *pla | ||
7 | /* SSLv3 padding bytes are random and cannot be checked. */ | ||
8 | t = plaintext->len; | ||
9 | t -= paddingLength+overhead; | ||
10 | - /* If len >= padding_length+overhead then the MSB of t is zero. */ | ||
11 | + /* If len >= paddingLength+overhead then the MSB of t is zero. */ | ||
12 | good = DUPLICATE_MSB_TO_ALL(~t); | ||
13 | /* SSLv3 requires that the padding is minimal. */ | ||
14 | t = blockSize - (paddingLength+1); | ||
15 | @@ -10742,7 +10742,7 @@ ssl3_HandleRecord(sslSocket *ss, SSL3Cip | ||
16 | } | ||
17 | } | ||
18 | |||
19 | - good = (unsigned)-1; | ||
20 | + good = ~0U; | ||
21 | minLength = crSpec->mac_size; | ||
22 | if (cipher_def->type == type_block) { | ||
23 | /* CBC records have a padding length byte at the end. */ | ||
24 | @@ -10756,14 +10756,7 @@ ssl3_HandleRecord(sslSocket *ss, SSL3Cip | ||
25 | /* We can perform this test in variable time because the record's total | ||
26 | * length and the ciphersuite are both public knowledge. */ | ||
27 | if (cText->buf->len < minLength) { | ||
28 | - SSL_DBG(("%d: SSL3[%d]: HandleRecord, record too small.", | ||
29 | - SSL_GETPID(), ss->fd)); | ||
30 | - /* must not hold spec lock when calling SSL3_SendAlert. */ | ||
31 | - ssl_ReleaseSpecReadLock(ss); | ||
32 | - SSL3_SendAlert(ss, alert_fatal, bad_record_mac); | ||
33 | - /* always log mac error, in case attacker can read server logs. */ | ||
34 | - PORT_SetError(SSL_ERROR_BAD_MAC_READ); | ||
35 | - return SECFailure; | ||
36 | + goto decrypt_loser; | ||
37 | } | ||
38 | |||
39 | if (cipher_def->type == type_block && | ||
40 | @@ -10831,11 +10824,18 @@ ssl3_HandleRecord(sslSocket *ss, SSL3Cip | ||
41 | return SECFailure; | ||
42 | } | ||
43 | |||
44 | + if (cipher_def->type == type_block && | ||
45 | + ((cText->buf->len - ivLen) % cipher_def->block_size) != 0) { | ||
46 | + goto decrypt_loser; | ||
47 | + } | ||
48 | + | ||
49 | /* decrypt from cText buf to plaintext. */ | ||
50 | rv = crSpec->decode( | ||
51 | crSpec->decodeContext, plaintext->buf, (int *)&plaintext->len, | ||
52 | plaintext->space, cText->buf->buf + ivLen, cText->buf->len - ivLen); | ||
53 | - good &= SECStatusToMask(rv); | ||
54 | + if (rv != SECSuccess) { | ||
55 | + goto decrypt_loser; | ||
56 | + } | ||
57 | |||
58 | PRINT_BUF(80, (ss, "cleartext:", plaintext->buf, plaintext->len)); | ||
59 | |||
60 | @@ -10843,7 +10843,7 @@ ssl3_HandleRecord(sslSocket *ss, SSL3Cip | ||
61 | |||
62 | /* If it's a block cipher, check and strip the padding. */ | ||
63 | if (cipher_def->type == type_block) { | ||
64 | - const unsigned int blockSize = cipher_def->iv_size; | ||
65 | + const unsigned int blockSize = cipher_def->block_size; | ||
66 | const unsigned int macSize = crSpec->mac_size; | ||
67 | |||
68 | if (crSpec->version <= SSL_LIBRARY_VERSION_3_0) { | ||
69 | @@ -10899,10 +10899,11 @@ ssl3_HandleRecord(sslSocket *ss, SSL3Cip | ||
70 | } | ||
71 | |||
72 | if (good == 0) { | ||
73 | +decrypt_loser: | ||
74 | /* must not hold spec lock when calling SSL3_SendAlert. */ | ||
75 | ssl_ReleaseSpecReadLock(ss); | ||
76 | |||
77 | - SSL_DBG(("%d: SSL3[%d]: mac check failed", SSL_GETPID(), ss->fd)); | ||
78 | + SSL_DBG(("%d: SSL3[%d]: decryption failed", SSL_GETPID(), ss->fd)); | ||
79 | |||
80 | if (!IS_DTLS(ss)) { | ||
81 | SSL3_SendAlert(ss, alert_fatal, bad_record_mac); | ||
diff --git a/meta/recipes-support/nss/nss.inc b/meta/recipes-support/nss/nss.inc index 5afd63914b..cc9e7b9cd2 100644 --- a/meta/recipes-support/nss/nss.inc +++ b/meta/recipes-support/nss/nss.inc | |||
@@ -20,6 +20,7 @@ SRC_URI = "\ | |||
20 | file://nss-3.15.1-fix-CVE-2013-5605.patch \ | 20 | file://nss-3.15.1-fix-CVE-2013-5605.patch \ |
21 | file://nss-CVE-2014-1492.patch \ | 21 | file://nss-CVE-2014-1492.patch \ |
22 | file://nss-CVE-2013-1740.patch \ | 22 | file://nss-CVE-2013-1740.patch \ |
23 | file://nss-3.15.1-fix-CVE-2013-1739.patch \ | ||
23 | " | 24 | " |
24 | SRC_URI_append_class-target = "\ | 25 | SRC_URI_append_class-target = "\ |
25 | file://nss.pc.in \ | 26 | file://nss.pc.in \ |