1 files changed, 18 insertions, 0 deletions
diff --git a/meta/recipes-support/nss/files/nss-3.15.1-fix-CVE-2013-5605.patch b/meta/recipes-support/nss/files/nss-3.15.1-fix-CVE-2013-5605.patch
new file mode 100644
index 0000000000..7203d02c78
--- /dev/null
+++ b/meta/recipes-support/nss/files/nss-3.15.1-fix-CVE-2013-5605.patch
@@ -0,0 +1,18 @@
+signed-off-by: Ryan Sleevi <ryan.sleevi@gmail.com>
+Upstream-Status: Backport
+reference:https://hg.mozilla.org/projects/nss/rev/e79a09364b5e
+--- a/nss/lib/ssl/ssl3con.c
+++ b/nss/lib/ssl/ssl3con.c
+@@ -781,6 +781,11 @@ static SECStatus
+ Null_Cipher(void *ctx, unsigned char *output, int *outputLen, int maxOutputLen,
+            const unsigned char *input, int inputLen)
+ {
+    if (inputLen > maxOutputLen) {
+        *outputLen = 0;  /* Match PK11_CipherOp in setting outputLen */
+        PORT_SetError(SEC_ERROR_OUTPUT_LEN);
+        return SECFailure;
+    }
+     *outputLen = inputLen;
+     if (input != output)
+        PORT_Memcpy(output, input, inputLen);

diff --git a/meta/recipes-support/nss/files/nss-3.15.1-fix-CVE-2013-5605.patch b/meta/recipes-support/nss/files/nss-3.15.1-fix-CVE-2013-5605.patch new file mode 100644 index 0000000000..7203d02c78 --- /dev/null +++ b/meta/recipes-support/nss/files/nss-3.15.1-fix-CVE-2013-5605.patch
@@ -0,0 +1,18 @@
	1	signed-off-by: Ryan Sleevi <ryan.sleevi@gmail.com>
	2	Upstream-Status: Backport
	3	reference:https://hg.mozilla.org/projects/nss/rev/e79a09364b5e
	4
	5	--- a/nss/lib/ssl/ssl3con.c
	6	+++ b/nss/lib/ssl/ssl3con.c
	7	@@ -781,6 +781,11 @@ static SECStatus
	8	Null_Cipher(void ctx, unsigned char output, int *outputLen, int maxOutputLen,
	9	const unsigned char *input, int inputLen)
	10	{
	11	+ if (inputLen > maxOutputLen) {
	12	+ outputLen = 0; / Match PK11_CipherOp in setting outputLen */
	13	+ PORT_SetError(SEC_ERROR_OUTPUT_LEN);
	14	+ return SECFailure;
	15	+ }
	16	*outputLen = inputLen;
	17	if (input != output)
	18	PORT_Memcpy(output, input, inputLen);