diff options
author | Li Wang <li.wang@windriver.com> | 2014-08-26 16:33:24 +0800 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2014-08-27 12:12:06 +0100 |
commit | 7ef613c7f4b9e4ff153766f31dae81fc4810c0df (patch) | |
tree | ea2a8cd84da17dd1bbb05edda6e01fd5705420a7 /meta/recipes-support | |
parent | 885cec11c978975d5c51ded92882a3b00d5ccf8c (diff) | |
download | openembedded-core-7ef613c7f4b9e4ff153766f31dae81fc4810c0df.tar.gz openembedded-core-7ef613c7f4b9e4ff153766f31dae81fc4810c0df.tar.bz2 openembedded-core-7ef613c7f4b9e4ff153766f31dae81fc4810c0df.zip |
nss: CVE-2014-1544
the patch comes from:
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-1544
https://hg.mozilla.org/projects/nss/rev/204f22c527f8
author Robert Relyea <rrelyea@redhat.com>
https://bugzilla.mozilla.org/show_bug.cgi?id=963150
Bug 963150: Add nssCertificate_AddRef and nssCertificate_Destroy calls
to PK11_ImportCert to prevent nssTrustDomain_AddCertsToCache from
freeing the CERTCertificate associated with the NSSCertificate. r=wtc.
Signed-off-by: Li Wang <li.wang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-support')
-rw-r--r-- | meta/recipes-support/nss/files/nss-CVE-2014-1544.patch | 41 | ||||
-rw-r--r-- | meta/recipes-support/nss/nss.inc | 1 |
2 files changed, 42 insertions, 0 deletions
diff --git a/meta/recipes-support/nss/files/nss-CVE-2014-1544.patch b/meta/recipes-support/nss/files/nss-CVE-2014-1544.patch new file mode 100644 index 0000000000..d6434dfe23 --- /dev/null +++ b/meta/recipes-support/nss/files/nss-CVE-2014-1544.patch @@ -0,0 +1,41 @@ +nss: CVE-2014-1544 + +the patch comes from: +https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-1544 +https://hg.mozilla.org/projects/nss/rev/204f22c527f8 + +author Robert Relyea <rrelyea@redhat.com> +https://bugzilla.mozilla.org/show_bug.cgi?id=963150 +Bug 963150: Add nssCertificate_AddRef and nssCertificate_Destroy calls +to PK11_ImportCert to prevent nssTrustDomain_AddCertsToCache from +freeing the CERTCertificate associated with the NSSCertificate. r=wtc. + +Upstream-Status: Pending +Signed-off-by: Li Wang <li.wang@windriver.com> +--- + nss/lib/pk11wrap/pk11cert.c | 7 +++++++ + 1 file changed, 7 insertions(+) + +diff --git a/nss/lib/pk11wrap/pk11cert.c b/nss/lib/pk11wrap/pk11cert.c +index 39168b9..3f3edb1 100644 +--- a/nss/lib/pk11wrap/pk11cert.c ++++ b/nss/lib/pk11wrap/pk11cert.c +@@ -981,8 +981,15 @@ PK11_ImportCert(PK11SlotInfo *slot, CERTCertificate *cert, + * CERTCertificate, and finish + */ + nssPKIObject_AddInstance(&c->object, certobj); ++ /* nssTrustDomain_AddCertsToCache may release a reference to 'c' and ++ * replace 'c' by a different value. So we add a reference to 'c' to ++ * prevent 'c' from being destroyed. */ ++ nssCertificate_AddRef(c); + nssTrustDomain_AddCertsToCache(STAN_GetDefaultTrustDomain(), &c, 1); ++ /* XXX should we pass the original value of 'c' to ++ * STAN_ForceCERTCertificateUpdate? */ + (void)STAN_ForceCERTCertificateUpdate(c); ++ nssCertificate_Destroy(c); + SECITEM_FreeItem(keyID,PR_TRUE); + return SECSuccess; + loser: +-- +1.7.9.5 + diff --git a/meta/recipes-support/nss/nss.inc b/meta/recipes-support/nss/nss.inc index 69f98b58cd..d706c43cab 100644 --- a/meta/recipes-support/nss/nss.inc +++ b/meta/recipes-support/nss/nss.inc @@ -22,6 +22,7 @@ SRC_URI = "\ file://nss-CVE-2013-1740.patch \ file://nss-3.15.1-fix-CVE-2013-1739.patch \ file://nss-CVE-2013-5606.patch \ + file://nss-CVE-2014-1544.patch \ " SRC_URI_append_class-target = "\ file://nss.pc.in \ |