diff options
Diffstat (limited to 'meta/recipes-support/nss/files/nss-CVE-2013-5606.patch')
-rw-r--r-- | meta/recipes-support/nss/files/nss-CVE-2013-5606.patch | 48 |
1 files changed, 0 insertions, 48 deletions
diff --git a/meta/recipes-support/nss/files/nss-CVE-2013-5606.patch b/meta/recipes-support/nss/files/nss-CVE-2013-5606.patch deleted file mode 100644 index f30475b16b..0000000000 --- a/meta/recipes-support/nss/files/nss-CVE-2013-5606.patch +++ /dev/null | |||
@@ -1,48 +0,0 @@ | |||
1 | nss: CVE-2013-5606 | ||
2 | |||
3 | Upstream-Status: Backport | ||
4 | |||
5 | the patch comes from: | ||
6 | http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-5606 | ||
7 | https://bugzilla.mozilla.org/show_bug.cgi?id=910438 | ||
8 | http://hg.mozilla.org/projects/nss/rev/d29898e0981c | ||
9 | |||
10 | The CERT_VerifyCert function in lib/certhigh/certvfy.c in | ||
11 | Mozilla Network Security Services (NSS) 3.15 before 3.15.3 provides | ||
12 | an unexpected return value for an incompatible key-usage certificate | ||
13 | when the CERTVerifyLog argument is valid, which might allow remote | ||
14 | attackers to bypass intended access restrictions via a crafted certificate. | ||
15 | |||
16 | Signed-off-by: Li Wang <li.wang@windriver.com> | ||
17 | --- | ||
18 | nss/lib/certhigh/certvfy.c | 7 +++++-- | ||
19 | 1 file changed, 5 insertions(+), 2 deletions(-) | ||
20 | |||
21 | diff --git a/nss/lib/certhigh/certvfy.c b/nss/lib/certhigh/certvfy.c | ||
22 | index f364ceb..f450205 100644 | ||
23 | --- a/nss/lib/certhigh/certvfy.c | ||
24 | +++ b/nss/lib/certhigh/certvfy.c | ||
25 | @@ -1312,7 +1312,7 @@ CERT_VerifyCert(CERTCertDBHandle *handle, CERTCertificate *cert, | ||
26 | PORT_SetError(SEC_ERROR_UNTRUSTED_CERT); | ||
27 | LOG_ERROR_OR_EXIT(log,cert,0,flags); | ||
28 | } else if (trusted) { | ||
29 | - goto winner; | ||
30 | + goto done; | ||
31 | } | ||
32 | |||
33 | |||
34 | @@ -1340,7 +1340,10 @@ CERT_VerifyCert(CERTCertDBHandle *handle, CERTCertificate *cert, | ||
35 | } | ||
36 | } | ||
37 | |||
38 | -winner: | ||
39 | +done: | ||
40 | + if (log && log->head) { | ||
41 | + return SECFailure; | ||
42 | + } | ||
43 | return(SECSuccess); | ||
44 | |||
45 | loser: | ||
46 | -- | ||
47 | 1.7.9.5 | ||
48 | |||