1 files changed, 81 insertions, 0 deletions
diff --git a/meta/recipes-support/nss/files/nss-3.15.1-fix-CVE-2013-1739.patch b/meta/recipes-support/nss/files/nss-3.15.1-fix-CVE-2013-1739.patch
new file mode 100644
index 0000000000..1a159c3934
--- /dev/null
+++ b/meta/recipes-support/nss/files/nss-3.15.1-fix-CVE-2013-1739.patch
@@ -0,0 +1,81 @@
+Upstream-Status: Backport
+Signed-off-by: yzhu1 <yanjun.zhu@windriver.com>
+--- a/nss/lib/ssl/ssl3con.c
+++ b/nss/lib/ssl/ssl3con.c
+@@ -10509,7 +10509,7 @@ ssl_RemoveSSLv3CBCPadding(sslBuffer *pla
+     /* SSLv3 padding bytes are random and cannot be checked. */
+     t = plaintext->len;
+     t -= paddingLength+overhead;
+-    /* If len >= padding_length+overhead then the MSB of t is zero. */
+    /* If len >= paddingLength+overhead then the MSB of t is zero. */
+     good = DUPLICATE_MSB_TO_ALL(~t);
+     /* SSLv3 requires that the padding is minimal. */
+     t = blockSize - (paddingLength+1);
+@@ -10742,7 +10742,7 @@ ssl3_HandleRecord(sslSocket *ss, SSL3Cip
+        }
+     }
+ 
+-    good = (unsigned)-1;
+    good = ~0U;
+     minLength = crSpec->mac_size;
+     if (cipher_def->type == type_block) {
+        /* CBC records have a padding length byte at the end. */
+@@ -10756,14 +10756,7 @@ ssl3_HandleRecord(sslSocket *ss, SSL3Cip
+     /* We can perform this test in variable time because the record's total
+      * length and the ciphersuite are both public knowledge. */
+     if (cText->buf->len < minLength) {
+-       SSL_DBG(("%d: SSL3[%d]: HandleRecord, record too small.",
+-                SSL_GETPID(), ss->fd));
+-       /* must not hold spec lock when calling SSL3_SendAlert. */
+-       ssl_ReleaseSpecReadLock(ss);
+-       SSL3_SendAlert(ss, alert_fatal, bad_record_mac);
+-       /* always log mac error, in case attacker can read server logs. */
+-       PORT_SetError(SSL_ERROR_BAD_MAC_READ);
+-       return SECFailure;
+       goto decrypt_loser;
+     }
+ 
+     if (cipher_def->type == type_block &&
+@@ -10831,11 +10824,18 @@ ssl3_HandleRecord(sslSocket *ss, SSL3Cip
+        return SECFailure;
+     }
+ 
+    if (cipher_def->type == type_block &&
+       ((cText->buf->len - ivLen) % cipher_def->block_size) != 0) {
+       goto decrypt_loser;
+    }
+
+     /* decrypt from cText buf to plaintext. */
+     rv = crSpec->decode(
+        crSpec->decodeContext, plaintext->buf, (int *)&plaintext->len,
+        plaintext->space, cText->buf->buf + ivLen, cText->buf->len - ivLen);
+-    good &= SECStatusToMask(rv);
+    if (rv != SECSuccess) {
+       goto decrypt_loser;
+    }
+ 
+     PRINT_BUF(80, (ss, "cleartext:", plaintext->buf, plaintext->len));
+ 
+@@ -10843,7 +10843,7 @@ ssl3_HandleRecord(sslSocket *ss, SSL3Cip
+ 
+     /* If it's a block cipher, check and strip the padding. */
+     if (cipher_def->type == type_block) {
+-       const unsigned int blockSize = cipher_def->iv_size;
+       const unsigned int blockSize = cipher_def->block_size;
+        const unsigned int macSize = crSpec->mac_size;
+ 
+        if (crSpec->version <= SSL_LIBRARY_VERSION_3_0) {
+@@ -10899,10 +10899,11 @@ ssl3_HandleRecord(sslSocket *ss, SSL3Cip
+     }
+ 
+     if (good == 0) {
+decrypt_loser:
+        /* must not hold spec lock when calling SSL3_SendAlert. */
+        ssl_ReleaseSpecReadLock(ss);
+ 
+-       SSL_DBG(("%d: SSL3[%d]: mac check failed", SSL_GETPID(), ss->fd));
+       SSL_DBG(("%d: SSL3[%d]: decryption failed", SSL_GETPID(), ss->fd));
+ 
+        if (!IS_DTLS(ss)) {
+            SSL3_SendAlert(ss, alert_fatal, bad_record_mac);

diff --git a/meta/recipes-support/nss/files/nss-3.15.1-fix-CVE-2013-1739.patch b/meta/recipes-support/nss/files/nss-3.15.1-fix-CVE-2013-1739.patch new file mode 100644 index 0000000000..1a159c3934 --- /dev/null +++ b/meta/recipes-support/nss/files/nss-3.15.1-fix-CVE-2013-1739.patch
@@ -0,0 +1,81 @@
	1	Upstream-Status: Backport
	2	Signed-off-by: yzhu1 <yanjun.zhu@windriver.com>
	3
	4	--- a/nss/lib/ssl/ssl3con.c
	5	+++ b/nss/lib/ssl/ssl3con.c
	6	@@ -10509,7 +10509,7 @@ ssl_RemoveSSLv3CBCPadding(sslBuffer *pla
	7	/* SSLv3 padding bytes are random and cannot be checked. */
	8	t = plaintext->len;
	9	t -= paddingLength+overhead;
	10	- /* If len >= padding_length+overhead then the MSB of t is zero. */
	11	+ /* If len >= paddingLength+overhead then the MSB of t is zero. */
	12	good = DUPLICATE_MSB_TO_ALL(~t);
	13	/* SSLv3 requires that the padding is minimal. */
	14	t = blockSize - (paddingLength+1);
	15	@@ -10742,7 +10742,7 @@ ssl3_HandleRecord(sslSocket *ss, SSL3Cip
	16	}
	17	}
	18
	19	- good = (unsigned)-1;
	20	+ good = ~0U;
	21	minLength = crSpec->mac_size;
	22	if (cipher_def->type == type_block) {
	23	/* CBC records have a padding length byte at the end. */
	24	@@ -10756,14 +10756,7 @@ ssl3_HandleRecord(sslSocket *ss, SSL3Cip
	25	/* We can perform this test in variable time because the record's total
	26	* length and the ciphersuite are both public knowledge. */
	27	if (cText->buf->len < minLength) {
	28	- SSL_DBG(("%d: SSL3[%d]: HandleRecord, record too small.",
	29	- SSL_GETPID(), ss->fd));
	30	- /* must not hold spec lock when calling SSL3_SendAlert. */
	31	- ssl_ReleaseSpecReadLock(ss);
	32	- SSL3_SendAlert(ss, alert_fatal, bad_record_mac);
	33	- /* always log mac error, in case attacker can read server logs. */
	34	- PORT_SetError(SSL_ERROR_BAD_MAC_READ);
	35	- return SECFailure;
	36	+ goto decrypt_loser;
	37	}
	38
	39	if (cipher_def->type == type_block &&
	40	@@ -10831,11 +10824,18 @@ ssl3_HandleRecord(sslSocket *ss, SSL3Cip
	41	return SECFailure;
	42	}
	43
	44	+ if (cipher_def->type == type_block &&
	45	+ ((cText->buf->len - ivLen) % cipher_def->block_size) != 0) {
	46	+ goto decrypt_loser;
	47	+ }
	48	+
	49	/* decrypt from cText buf to plaintext. */
	50	rv = crSpec->decode(
	51	crSpec->decodeContext, plaintext->buf, (int *)&plaintext->len,
	52	plaintext->space, cText->buf->buf + ivLen, cText->buf->len - ivLen);
	53	- good &= SECStatusToMask(rv);
	54	+ if (rv != SECSuccess) {
	55	+ goto decrypt_loser;
	56	+ }
	57
	58	PRINT_BUF(80, (ss, "cleartext:", plaintext->buf, plaintext->len));
	59
	60	@@ -10843,7 +10843,7 @@ ssl3_HandleRecord(sslSocket *ss, SSL3Cip
	61
	62	/* If it's a block cipher, check and strip the padding. */
	63	if (cipher_def->type == type_block) {
	64	- const unsigned int blockSize = cipher_def->iv_size;
	65	+ const unsigned int blockSize = cipher_def->block_size;
	66	const unsigned int macSize = crSpec->mac_size;
	67
	68	if (crSpec->version <= SSL_LIBRARY_VERSION_3_0) {
	69	@@ -10899,10 +10899,11 @@ ssl3_HandleRecord(sslSocket *ss, SSL3Cip
	70	}
	71
	72	if (good == 0) {
	73	+decrypt_loser:
	74	/* must not hold spec lock when calling SSL3_SendAlert. */
	75	ssl_ReleaseSpecReadLock(ss);
	76
	77	- SSL_DBG(("%d: SSL3[%d]: mac check failed", SSL_GETPID(), ss->fd));
	78	+ SSL_DBG(("%d: SSL3[%d]: decryption failed", SSL_GETPID(), ss->fd));
	79
	80	if (!IS_DTLS(ss)) {
	81	SSL3_SendAlert(ss, alert_fatal, bad_record_mac);