diff options
Diffstat (limited to 'meta/recipes-support/nss/files/nss-CVE-2014-1492.patch')
| -rw-r--r-- | meta/recipes-support/nss/files/nss-CVE-2014-1492.patch | 68 |
1 files changed, 0 insertions, 68 deletions
diff --git a/meta/recipes-support/nss/files/nss-CVE-2014-1492.patch b/meta/recipes-support/nss/files/nss-CVE-2014-1492.patch deleted file mode 100644 index 1be8a17870..0000000000 --- a/meta/recipes-support/nss/files/nss-CVE-2014-1492.patch +++ /dev/null @@ -1,68 +0,0 @@ -nss: CVE-2014-1492 - -Upstream-Status: Backport - -the patch comes from: -http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1492 -https://bugzilla.mozilla.org/show_bug.cgi?id=903885 - -changeset: 11063:709d4e597979 -user: Kai Engert <kaie@kuix.de> -date: Wed Mar 05 18:38:55 2014 +0100 -summary: Bug 903885, address requests to clarify comments from wtc - -changeset: 11046:2ffa40a3ff55 -tag: tip -user: Wan-Teh Chang <wtc@google.com> -date: Tue Feb 25 18:17:08 2014 +0100 -summary: Bug 903885, fix IDNA wildcard handling v4, r=kaie - -changeset: 11045:15ea62260c21 -user: Christian Heimes <sites@cheimes.de> -date: Mon Feb 24 17:50:25 2014 +0100 -summary: Bug 903885, fix IDNA wildcard handling, r=kaie - -Signed-off-by: Li Wang <li.wang@windriver.com> ---- - nss/lib/certdb/certdb.c | 15 +++++++++------ - 1 file changed, 9 insertions(+), 6 deletions(-) - -diff --git a/nss/lib/certdb/certdb.c b/nss/lib/certdb/certdb.c -index b7d22bd..91877b7 100644 ---- a/nss/lib/certdb/certdb.c -+++ b/nss/lib/certdb/certdb.c -@@ -1381,7 +1381,7 @@ cert_TestHostName(char * cn, const char * hn) - return rv; - } - } else { -- /* New approach conforms to RFC 2818. */ -+ /* New approach conforms to RFC 6125. */ - char *wildcard = PORT_Strchr(cn, '*'); - char *firstcndot = PORT_Strchr(cn, '.'); - char *secondcndot = firstcndot ? PORT_Strchr(firstcndot+1, '.') : NULL; -@@ -1390,14 +1390,17 @@ cert_TestHostName(char * cn, const char * hn) - /* For a cn pattern to be considered valid, the wildcard character... - * - may occur only in a DNS name with at least 3 components, and - * - may occur only as last character in the first component, and -- * - may be preceded by additional characters -+ * - may be preceded by additional characters, and -+ * - must not be preceded by an IDNA ACE prefix (xn--) - */ - if (wildcard && secondcndot && secondcndot[1] && firsthndot -- && firstcndot - wildcard == 1 -- && secondcndot - firstcndot > 1 -- && PORT_Strrchr(cn, '*') == wildcard -+ && firstcndot - wildcard == 1 /* wildcard is last char in first component */ -+ && secondcndot - firstcndot > 1 /* second component is non-empty */ -+ && PORT_Strrchr(cn, '*') == wildcard /* only one wildcard in cn */ - && !PORT_Strncasecmp(cn, hn, wildcard - cn) -- && !PORT_Strcasecmp(firstcndot, firsthndot)) { -+ && !PORT_Strcasecmp(firstcndot, firsthndot) -+ /* If hn starts with xn--, then cn must start with wildcard */ -+ && (PORT_Strncasecmp(hn, "xn--", 4) || wildcard == cn)) { - /* valid wildcard pattern match */ - return SECSuccess; - } --- -1.7.9.5 - |