From 4de7bdebf282266e52b5b577e779ce9d38101162 Mon Sep 17 00:00:00 2001
From: Li Wang <li.wang@windriver.com>
Date: Tue, 26 Aug 2014 16:33:24 +0800
Subject: nss: CVE-2014-1544

the patch comes from:
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-1544
https://hg.mozilla.org/projects/nss/rev/204f22c527f8

author  Robert Relyea <rrelyea@redhat.com>
https://bugzilla.mozilla.org/show_bug.cgi?id=963150
Bug 963150: Add nssCertificate_AddRef and nssCertificate_Destroy calls
to PK11_ImportCert to prevent nssTrustDomain_AddCertsToCache from
freeing the CERTCertificate associated with the NSSCertificate. r=wtc.

Signed-off-by: Li Wang <li.wang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 7ef613c7f4b9e4ff153766f31dae81fc4810c0df)
Signed-off-by: Andreas Oberritter <obi@opendreambox.org>
---
 .../nss/files/nss-CVE-2014-1544.patch              | 41 ++++++++++++++++++++++
 meta/recipes-support/nss/nss.inc                   |  1 +
 2 files changed, 42 insertions(+)
 create mode 100644 meta/recipes-support/nss/files/nss-CVE-2014-1544.patch

(limited to 'meta/recipes-support')

diff --git a/meta/recipes-support/nss/files/nss-CVE-2014-1544.patch b/meta/recipes-support/nss/files/nss-CVE-2014-1544.patch
new file mode 100644
index 0000000000..d6434dfe23
--- /dev/null
+++ b/meta/recipes-support/nss/files/nss-CVE-2014-1544.patch
@@ -0,0 +1,41 @@
+nss: CVE-2014-1544
+
+the patch comes from:
+https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-1544
+https://hg.mozilla.org/projects/nss/rev/204f22c527f8
+
+author	Robert Relyea <rrelyea@redhat.com>
+https://bugzilla.mozilla.org/show_bug.cgi?id=963150
+Bug 963150: Add nssCertificate_AddRef and nssCertificate_Destroy calls
+to PK11_ImportCert to prevent nssTrustDomain_AddCertsToCache from
+freeing the CERTCertificate associated with the NSSCertificate. r=wtc.
+
+Upstream-Status: Pending
+Signed-off-by: Li Wang <li.wang@windriver.com>
+---
+ nss/lib/pk11wrap/pk11cert.c |    7 +++++++
+ 1 file changed, 7 insertions(+)
+
+diff --git a/nss/lib/pk11wrap/pk11cert.c b/nss/lib/pk11wrap/pk11cert.c
+index 39168b9..3f3edb1 100644
+--- a/nss/lib/pk11wrap/pk11cert.c
++++ b/nss/lib/pk11wrap/pk11cert.c
+@@ -981,8 +981,15 @@ PK11_ImportCert(PK11SlotInfo *slot, CERTCertificate *cert,
+      * CERTCertificate, and finish
+      */
+     nssPKIObject_AddInstance(&c->object, certobj);
++    /* nssTrustDomain_AddCertsToCache may release a reference to 'c' and
++     * replace 'c' by a different value. So we add a reference to 'c' to
++     * prevent 'c' from being destroyed. */
++    nssCertificate_AddRef(c);
+     nssTrustDomain_AddCertsToCache(STAN_GetDefaultTrustDomain(), &c, 1);
++    /* XXX should we pass the original value of 'c' to
++     * STAN_ForceCERTCertificateUpdate? */
+     (void)STAN_ForceCERTCertificateUpdate(c);
++    nssCertificate_Destroy(c);
+     SECITEM_FreeItem(keyID,PR_TRUE);
+     return SECSuccess;
+ loser:
+-- 
+1.7.9.5
+
diff --git a/meta/recipes-support/nss/nss.inc b/meta/recipes-support/nss/nss.inc
index 6bb58bf5d5..29980def84 100644
--- a/meta/recipes-support/nss/nss.inc
+++ b/meta/recipes-support/nss/nss.inc
@@ -22,6 +22,7 @@ SRC_URI = "\
     file://nss-CVE-2013-1740.patch \
     file://nss-3.15.1-fix-CVE-2013-1739.patch \
     file://nss-CVE-2013-5606.patch \
+    file://nss-CVE-2014-1544.patch \
 "
 SRC_URI_append_class-target += "\
     file://nss.pc.in \
-- 
cgit 1.2.3-korg