nss: CVE-2013-5606

Upstream-Status: Backport

the patch comes from:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-5606
https://bugzilla.mozilla.org/show_bug.cgi?id=910438
http://hg.mozilla.org/projects/nss/rev/d29898e0981c

The CERT_VerifyCert function in lib/certhigh/certvfy.c in
Mozilla Network Security Services (NSS) 3.15 before 3.15.3 provides
an unexpected return value for an incompatible key-usage certificate
when the CERTVerifyLog argument is valid, which might allow remote
attackers to bypass intended access restrictions via a crafted certificate.

Signed-off-by: Li Wang <li.wang@windriver.com>
---
 nss/lib/certhigh/certvfy.c |    7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/nss/lib/certhigh/certvfy.c b/nss/lib/certhigh/certvfy.c
index f364ceb..f450205 100644
--- a/nss/lib/certhigh/certvfy.c
+++ b/nss/lib/certhigh/certvfy.c
@@ -1312,7 +1312,7 @@ CERT_VerifyCert(CERTCertDBHandle *handle, CERTCertificate *cert,
 	PORT_SetError(SEC_ERROR_UNTRUSTED_CERT);
 	LOG_ERROR_OR_EXIT(log,cert,0,flags);
     } else if (trusted) {
-	goto winner;
+	goto done;
     }
 
 
@@ -1340,7 +1340,10 @@ CERT_VerifyCert(CERTCertDBHandle *handle, CERTCertificate *cert,
 	}
     }
 
-winner:
+done:
+    if (log && log->head) {
+        return SECFailure;
+    }
     return(SECSuccess);
 
 loser:
-- 
1.7.9.5