[meta-oe,dunfell] nss: Add fix for CVE-2022-22747

Message ID	20220211125322.17665-1-ranjitsinhrathod1991@gmail.com
State	Accepted, archived
Delegated to:	Armin Kuster
Headers	show Return-Path: <ranjitsinhrathod1991@gmail.com> ip: 209.85.216.42, mailfrom: ranjitsinhrathod1991@gmail.com) From: Ranjitsinh Rathod <ranjitsinhrathod1991@gmail.com> To: openembedded-devel@lists.openembedded.org Cc: akuster808@gmail.com, Ranjitsinh Rathod <ranjitsinh.rathod@kpit.com> Subject: [meta-oe][dunfell][PATCH] nss: Add fix for CVE-2022-22747 Date: Fri, 11 Feb 2022 18:23:22 +0530 Message-Id: <20220211125322.17665-1-ranjitsinhrathod1991@gmail.com>
Series	[meta-oe,dunfell] nss: Add fix for CVE-2022-22747 \| expand [meta-oe,dunfell] nss: Add fix for CVE-2022-22747

Message ID

20220211125322.17665-1-ranjitsinhrathod1991@gmail.com

State

Accepted, archived

Delegated to:

Armin Kuster

Headers

From: Ranjitsinh Rathod <ranjitsinhrathod1991@gmail.com>
To: openembedded-devel@lists.openembedded.org
Cc: akuster808@gmail.com,
	Ranjitsinh Rathod <ranjitsinh.rathod@kpit.com>
Subject: [meta-oe][dunfell][PATCH] nss: Add fix for CVE-2022-22747
Date: Fri, 11 Feb 2022 18:23:22 +0530
Message-Id: <20220211125322.17665-1-ranjitsinhrathod1991@gmail.com>

Series

[meta-oe,dunfell] nss: Add fix for CVE-2022-22747 | expand

Commit Message

Ranjitsinh Rathod Feb. 11, 2022, 12:53 p.m. UTC

From: Ranjitsinh Rathod <ranjitsinh.rathod@kpit.com>

Add a patch to fix CVE-2022-22747

Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rathod@kpit.com>
Signed-off-by: Ranjitsinh Rathod <ranjitsinhrathod1991@gmail.com>
---
 .../nss/nss/CVE-2022-22747.patch              | 63 +++++++++++++++++++
 meta-oe/recipes-support/nss/nss_3.51.1.bb     |  1 +
 2 files changed, 64 insertions(+)
 create mode 100644 meta-oe/recipes-support/nss/nss/CVE-2022-22747.patch

diff --git a/meta-oe/recipes-support/nss/nss/CVE-2022-22747.patch b/meta-oe/recipes-support/nss/nss/CVE-2022-22747.patch
new file mode 100644
index 000000000..cccb73187
--- /dev/null
+++ b/meta-oe/recipes-support/nss/nss/CVE-2022-22747.patch
@@ -0,0 +1,63 @@ 
+# HG changeset patch
+# User John M. Schanck <jschanck@mozilla.com>
+# Date 1633990165 0
+# Node ID 7ff99e71f3e37faed12bc3cc90a3eed27e3418d0
+# Parent  f80fafd04cf82b4d315c8fe42bb4639703f6ee4f
+Bug 1735028 - check for missing signedData field r=keeler
+
+Differential Revision: https://phabricator.services.mozilla.com/D128112
+
+Upstream-Status: Backport [https://hg.mozilla.org/projects/nss/raw-rev/7ff99e71f3e37faed12bc3cc90a3eed27e3418d0]
+CVE: CVE-2022-22747
+Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rathod@kpit.com>
+
+diff --git a/nss/gtests/certdb_gtest/decode_certs_unittest.cc b/nss/gtests/certdb_gtest/decode_certs_unittest.cc
+--- a/nss/gtests/certdb_gtest/decode_certs_unittest.cc
++++ b/nss/gtests/certdb_gtest/decode_certs_unittest.cc
+@@ -21,8 +21,21 @@ TEST_F(DecodeCertsTest, EmptyCertPackage
+   unsigned char emptyCertPackage[] = {0x30, 0x0f, 0x06, 0x09, 0x60, 0x86,
+                                       0x48, 0x01, 0x86, 0xf8, 0x42, 0x02,
+                                       0x05, 0xa0, 0x02, 0x30, 0x00};
+   EXPECT_EQ(nullptr, CERT_DecodeCertFromPackage(
+                          reinterpret_cast<char*>(emptyCertPackage),
+                          sizeof(emptyCertPackage)));
+   EXPECT_EQ(SEC_ERROR_BAD_DER, PR_GetError());
+ }
++
++TEST_F(DecodeCertsTest, EmptySignedData) {
++  // This represents a PKCS#7 ContentInfo of contentType
++  // 1.2.840.113549.1.7.2 (signedData) with missing content.
++  unsigned char emptySignedData[] = {0x30, 0x80, 0x06, 0x09, 0x2a, 0x86,
++                                     0x48, 0x86, 0xf7, 0x0d, 0x01, 0x07,
++                                     0x02, 0x00, 0x00, 0x05, 0x00};
++
++  EXPECT_EQ(nullptr,
++            CERT_DecodeCertFromPackage(reinterpret_cast<char*>(emptySignedData),
++                                       sizeof(emptySignedData)));
++  EXPECT_EQ(SEC_ERROR_BAD_DER, PR_GetError());
++}
+diff --git a/nss/lib/pkcs7/certread.c b/nss/lib/pkcs7/certread.c
+--- a/nss/lib/pkcs7/certread.c
++++ b/nss/lib/pkcs7/certread.c
+@@ -134,16 +134,21 @@ SEC_ReadPKCS7Certs(SECItem *pkcs7Item, C
+                            pkcs7Item) != SECSuccess) {
+         goto done;
+     }
+ 
+     if (GetContentTypeTag(&contentInfo) != SEC_OID_PKCS7_SIGNED_DATA) {
+         goto done;
+     }
+ 
++    if (contentInfo.content.signedData == NULL) {
++        PORT_SetError(SEC_ERROR_BAD_DER);
++        goto done;
++    }
++
+     rv = SECSuccess;
+ 
+     certs = contentInfo.content.signedData->certificates;
+     if (certs) {
+         count = 0;
+ 
+         while (*certs) {
+             count++;
diff --git a/meta-oe/recipes-support/nss/nss_3.51.1.bb b/meta-oe/recipes-support/nss/nss_3.51.1.bb
index f03473b1a..8b59f7ea8 100644
--- a/meta-oe/recipes-support/nss/nss_3.51.1.bb
+++ b/meta-oe/recipes-support/nss/nss_3.51.1.bb
@@ -40,6 +40,7 @@  SRC_URI = "http://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/${VERSIO
            file://CVE-2020-12403_1.patch \
            file://CVE-2020-12403_2.patch \
            file://CVE-2021-43527.patch \
+           file://CVE-2022-22747.patch \
            "
 
 SRC_URI[md5sum] = "6acaf1ddff69306ae30a908881c6f233"

[meta-oe,dunfell] nss: Add fix for CVE-2022-22747

Commit Message

Patch