diff options
| author |   Li Wang <li.wang@windriver.com> | 2014-08-26 16:33:24 +0800 |
|---|---|---|
| committer |   Andreas Oberritter <obi@opendreambox.org> | 2015-02-23 17:15:45 +0100 |
| commit | 4de7bdebf282266e52b5b577e779ce9d38101162 (patch) | |
| tree | 936b0e0bbc3e28dc8a47633e137fc1bf5e94716c /meta/recipes-support | |
| parent | cc117acd441a511958011c2abad2fd4bb04abdfb (diff) | |
| download | openembedded-core-contrib-4de7bdebf282266e52b5b577e779ce9d38101162.tar.gz | |
nss: CVE-2014-1544
the patch comes from:
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-1544
https://hg.mozilla.org/projects/nss/rev/204f22c527f8
author Robert Relyea <rrelyea@redhat.com>
https://bugzilla.mozilla.org/show_bug.cgi?id=963150
Bug 963150: Add nssCertificate_AddRef and nssCertificate_Destroy calls
to PK11_ImportCert to prevent nssTrustDomain_AddCertsToCache from
freeing the CERTCertificate associated with the NSSCertificate. r=wtc.
Signed-off-by: Li Wang <li.wang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 7ef613c7f4b9e4ff153766f31dae81fc4810c0df)
Signed-off-by: Andreas Oberritter <obi@opendreambox.org>
Diffstat (limited to 'meta/recipes-support')
| -rw-r--r-- | meta/recipes-support/nss/files/nss-CVE-2014-1544.patch | 41 | ||||
| -rw-r--r-- | meta/recipes-support/nss/nss.inc | 1 |
2 files changed, 42 insertions, 0 deletions
diff --git a/meta/recipes-support/nss/files/nss-CVE-2014-1544.patch b/meta/recipes-support/nss/files/nss-CVE-2014-1544.patch new file mode 100644 index 0000000000..d6434dfe23 --- /dev/null +++ b/meta/recipes-support/nss/files/nss-CVE-2014-1544.patch @@ -0,0 +1,41 @@ +nss: CVE-2014-1544 + +the patch comes from: +https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-1544 +https://hg.mozilla.org/projects/nss/rev/204f22c527f8 + +author Robert Relyea <rrelyea@redhat.com> +https://bugzilla.mozilla.org/show_bug.cgi?id=963150 +Bug 963150: Add nssCertificate_AddRef and nssCertificate_Destroy calls +to PK11_ImportCert to prevent nssTrustDomain_AddCertsToCache from +freeing the CERTCertificate associated with the NSSCertificate. r=wtc. + +Upstream-Status: Pending +Signed-off-by: Li Wang <li.wang@windriver.com> +--- + nss/lib/pk11wrap/pk11cert.c | 7 +++++++ + 1 file changed, 7 insertions(+) + +diff --git a/nss/lib/pk11wrap/pk11cert.c b/nss/lib/pk11wrap/pk11cert.c +index 39168b9..3f3edb1 100644 +--- a/nss/lib/pk11wrap/pk11cert.c ++++ b/nss/lib/pk11wrap/pk11cert.c +@@ -981,8 +981,15 @@ PK11_ImportCert(PK11SlotInfo *slot, CERTCertificate *cert, + * CERTCertificate, and finish + */ + nssPKIObject_AddInstance(&c->object, certobj); ++ /* nssTrustDomain_AddCertsToCache may release a reference to 'c' and ++ * replace 'c' by a different value. So we add a reference to 'c' to ++ * prevent 'c' from being destroyed. */ ++ nssCertificate_AddRef(c); + nssTrustDomain_AddCertsToCache(STAN_GetDefaultTrustDomain(), &c, 1); ++ /* XXX should we pass the original value of 'c' to ++ * STAN_ForceCERTCertificateUpdate? */ + (void)STAN_ForceCERTCertificateUpdate(c); ++ nssCertificate_Destroy(c); + SECITEM_FreeItem(keyID,PR_TRUE); + return SECSuccess; + loser: +-- +1.7.9.5 + diff --git a/meta/recipes-support/nss/nss.inc b/meta/recipes-support/nss/nss.inc index 6bb58bf5d5..29980def84 100644 --- a/meta/recipes-support/nss/nss.inc +++ b/meta/recipes-support/nss/nss.inc @@ -22,6 +22,7 @@ SRC_URI = "\ file://nss-CVE-2013-1740.patch \ file://nss-3.15.1-fix-CVE-2013-1739.patch \ file://nss-CVE-2013-5606.patch \ + file://nss-CVE-2014-1544.patch \ " SRC_URI_append_class-target += "\ file://nss.pc.in \ |