diff options
| author |   yanjun.zhu <yanjun.zhu@windriver.com> | 2014-03-28 17:43:38 +0800 |
|---|---|---|
| committer |   Andreas Oberritter <obi@opendreambox.org> | 2015-02-23 17:15:29 +0100 |
| commit | 0ab1e8bc92cdc78c1c1896bd1ae5af5bf9716706 (patch) | |
| tree | 86219490673e6bf124ba10dc24084230e3215304 /meta/recipes-support | |
| parent | bac89674978008ccf48fae2abff402fccfe1a20a (diff) | |
| download | openembedded-core-contrib-0ab1e8bc92cdc78c1c1896bd1ae5af5bf9716706.tar.gz | |
nss-3.15.1: fix CVE-2013-5605
Mozilla Network Security Services (NSS) 3.14 before 3.14.5 and
3.15 before 3.15.3 allows remote attackers to cause a denial
of service or possibly have unspecified other impact via
invalid handshake packets.
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-5605
Signed-off-by: yanjun.zhu <yanjun.zhu@windriver.com>
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 09e8cd6f09284ad3faf0bc05d623a43e2b174866)
Signed-off-by: Andreas Oberritter <obi@opendreambox.org>
Diffstat (limited to 'meta/recipes-support')
| -rw-r--r-- | meta/recipes-support/nss/files/nss-3.15.1-fix-CVE-2013-5605.patch | 18 | ||||
| -rw-r--r-- | meta/recipes-support/nss/nss.inc | 1 |
2 files changed, 19 insertions, 0 deletions
diff --git a/meta/recipes-support/nss/files/nss-3.15.1-fix-CVE-2013-5605.patch b/meta/recipes-support/nss/files/nss-3.15.1-fix-CVE-2013-5605.patch new file mode 100644 index 0000000000..7203d02c78 --- /dev/null +++ b/meta/recipes-support/nss/files/nss-3.15.1-fix-CVE-2013-5605.patch @@ -0,0 +1,18 @@ +signed-off-by: Ryan Sleevi <ryan.sleevi@gmail.com> +Upstream-Status: Backport +reference:https://hg.mozilla.org/projects/nss/rev/e79a09364b5e + +--- a/nss/lib/ssl/ssl3con.c ++++ b/nss/lib/ssl/ssl3con.c +@@ -781,6 +781,11 @@ static SECStatus + Null_Cipher(void *ctx, unsigned char *output, int *outputLen, int maxOutputLen, + const unsigned char *input, int inputLen) + { ++ if (inputLen > maxOutputLen) { ++ *outputLen = 0; /* Match PK11_CipherOp in setting outputLen */ ++ PORT_SetError(SEC_ERROR_OUTPUT_LEN); ++ return SECFailure; ++ } + *outputLen = inputLen; + if (input != output) + PORT_Memcpy(output, input, inputLen); diff --git a/meta/recipes-support/nss/nss.inc b/meta/recipes-support/nss/nss.inc index 7fa36fc2f8..7cce5ea837 100644 --- a/meta/recipes-support/nss/nss.inc +++ b/meta/recipes-support/nss/nss.inc @@ -17,6 +17,7 @@ SRC_URI = "\ file://nss-no-rpath-for-cross-compiling.patch \ file://nss-fix-incorrect-shebang-of-perl.patch \ file://nss-3.15.1-fix-CVE-2013-1741.patch \ + file://nss-3.15.1-fix-CVE-2013-5605.patch \ " SRC_URI_append_class-target += "\ file://nss.pc.in \ |