Patchwork [4/4] nss-3.15.1: fix CVE-2013-5605

login
register
mail settings
Submitter Hongxu Jia
Date March 28, 2014, 9:43 a.m.
Message ID <a83b601a6841cd1d4d0745f7d584a2f5d5612be2.1395997035.git.hongxu.jia@windriver.com>
Download mbox | patch
Permalink /patch/69541/
State Accepted
Commit 6196e18bfee5b36417d795ea826a1086d27cbce3
Headers show

Comments

Hongxu Jia - March 28, 2014, 9:43 a.m.
From: "yanjun.zhu" <yanjun.zhu@windriver.com>

Mozilla Network Security Services (NSS) 3.14 before 3.14.5 and
3.15 before 3.15.3 allows remote attackers to cause a denial
of service or possibly have unspecified other impact via
invalid handshake packets.

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-5605
Signed-off-by: yanjun.zhu <yanjun.zhu@windriver.com>
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
---
 .../nss/files/nss-3.15.1-fix-CVE-2013-5605.patch       | 18 ++++++++++++++++++
 meta/recipes-support/nss/nss.inc                       |  1 +
 2 files changed, 19 insertions(+)
 create mode 100644 meta/recipes-support/nss/files/nss-3.15.1-fix-CVE-2013-5605.patch

Patch

diff --git a/meta/recipes-support/nss/files/nss-3.15.1-fix-CVE-2013-5605.patch b/meta/recipes-support/nss/files/nss-3.15.1-fix-CVE-2013-5605.patch
new file mode 100644
index 0000000..7203d02
--- /dev/null
+++ b/meta/recipes-support/nss/files/nss-3.15.1-fix-CVE-2013-5605.patch
@@ -0,0 +1,18 @@ 
+signed-off-by: Ryan Sleevi <ryan.sleevi@gmail.com>
+Upstream-Status: Backport
+reference:https://hg.mozilla.org/projects/nss/rev/e79a09364b5e
+
+--- a/nss/lib/ssl/ssl3con.c
++++ b/nss/lib/ssl/ssl3con.c
+@@ -781,6 +781,11 @@ static SECStatus
+ Null_Cipher(void *ctx, unsigned char *output, int *outputLen, int maxOutputLen,
+ 	    const unsigned char *input, int inputLen)
+ {
++    if (inputLen > maxOutputLen) {
++        *outputLen = 0;  /* Match PK11_CipherOp in setting outputLen */
++        PORT_SetError(SEC_ERROR_OUTPUT_LEN);
++        return SECFailure;
++    }
+     *outputLen = inputLen;
+     if (input != output)
+ 	PORT_Memcpy(output, input, inputLen);
diff --git a/meta/recipes-support/nss/nss.inc b/meta/recipes-support/nss/nss.inc
index 6364562..404decc 100644
--- a/meta/recipes-support/nss/nss.inc
+++ b/meta/recipes-support/nss/nss.inc
@@ -17,6 +17,7 @@  SRC_URI = "\
     file://nss-no-rpath-for-cross-compiling.patch \
     file://nss-fix-incorrect-shebang-of-perl.patch \
     file://nss-3.15.1-fix-CVE-2013-1741.patch \
+    file://nss-3.15.1-fix-CVE-2013-5605.patch \
 "
 SRC_URI_append_class-target = "\
     file://nss.pc.in \