diff options
author | Li Wang <li.wang@windriver.com> | 2014-07-28 02:50:42 -0400 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2014-07-29 09:56:54 +0100 |
commit | 1e153b1b21276d56144add464d592cd7b96a4ede (patch) | |
tree | b9c48bab8c2dd3b759658a8441c70cec5ecce935 | |
parent | f9d7407e54f1fa3d3a316a5bbb8b80665e6f03fd (diff) | |
download | openembedded-core-1e153b1b21276d56144add464d592cd7b96a4ede.tar.gz openembedded-core-1e153b1b21276d56144add464d592cd7b96a4ede.tar.bz2 openembedded-core-1e153b1b21276d56144add464d592cd7b96a4ede.zip |
nss: CVE-2013-5606
the patch comes from:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-5606
https://bugzilla.mozilla.org/show_bug.cgi?id=910438
http://hg.mozilla.org/projects/nss/rev/d29898e0981c
The CERT_VerifyCert function in lib/certhigh/certvfy.c in
Mozilla Network Security Services (NSS) 3.15 before 3.15.3 provides
an unexpected return value for an incompatible key-usage certificate
when the CERTVerifyLog argument is valid, which might allow remote
attackers to bypass intended access restrictions via a crafted certificate.
Signed-off-by: Li Wang <li.wang@windriver.com>
Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
-rw-r--r-- | meta/recipes-support/nss/files/nss-CVE-2013-5606.patch | 48 | ||||
-rw-r--r-- | meta/recipes-support/nss/nss.inc | 1 |
2 files changed, 49 insertions, 0 deletions
diff --git a/meta/recipes-support/nss/files/nss-CVE-2013-5606.patch b/meta/recipes-support/nss/files/nss-CVE-2013-5606.patch new file mode 100644 index 0000000000..f30475b16b --- /dev/null +++ b/meta/recipes-support/nss/files/nss-CVE-2013-5606.patch @@ -0,0 +1,48 @@ +nss: CVE-2013-5606 + +Upstream-Status: Backport + +the patch comes from: +http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-5606 +https://bugzilla.mozilla.org/show_bug.cgi?id=910438 +http://hg.mozilla.org/projects/nss/rev/d29898e0981c + +The CERT_VerifyCert function in lib/certhigh/certvfy.c in +Mozilla Network Security Services (NSS) 3.15 before 3.15.3 provides +an unexpected return value for an incompatible key-usage certificate +when the CERTVerifyLog argument is valid, which might allow remote +attackers to bypass intended access restrictions via a crafted certificate. + +Signed-off-by: Li Wang <li.wang@windriver.com> +--- + nss/lib/certhigh/certvfy.c | 7 +++++-- + 1 file changed, 5 insertions(+), 2 deletions(-) + +diff --git a/nss/lib/certhigh/certvfy.c b/nss/lib/certhigh/certvfy.c +index f364ceb..f450205 100644 +--- a/nss/lib/certhigh/certvfy.c ++++ b/nss/lib/certhigh/certvfy.c +@@ -1312,7 +1312,7 @@ CERT_VerifyCert(CERTCertDBHandle *handle, CERTCertificate *cert, + PORT_SetError(SEC_ERROR_UNTRUSTED_CERT); + LOG_ERROR_OR_EXIT(log,cert,0,flags); + } else if (trusted) { +- goto winner; ++ goto done; + } + + +@@ -1340,7 +1340,10 @@ CERT_VerifyCert(CERTCertDBHandle *handle, CERTCertificate *cert, + } + } + +-winner: ++done: ++ if (log && log->head) { ++ return SECFailure; ++ } + return(SECSuccess); + + loser: +-- +1.7.9.5 + diff --git a/meta/recipes-support/nss/nss.inc b/meta/recipes-support/nss/nss.inc index cc9e7b9cd2..ce7d4a4b27 100644 --- a/meta/recipes-support/nss/nss.inc +++ b/meta/recipes-support/nss/nss.inc @@ -21,6 +21,7 @@ SRC_URI = "\ file://nss-CVE-2014-1492.patch \ file://nss-CVE-2013-1740.patch \ file://nss-3.15.1-fix-CVE-2013-1739.patch \ + file://nss-CVE-2013-5606.patch \ " SRC_URI_append_class-target = "\ file://nss.pc.in \ |