authoryzhu1 <yanjun.zhu@windriver.com>2014-06-18 05:41:30 -0400
committerRichard Purdie <richard.purdie@linuxfoundation.org>2014-09-29 11:51:26 +0100
commit4ce30ef254511ce39dd576b80134b9316f9fa06c (patch)
treeb224ee267a5a8ffd370e6d7e2cb7f8abccb34fc8 /meta/recipes-support
parente2c81356f68eb0b77408e73f01df5bc5c9f2adb3 (diff)
nss-3.15.1: fix CVE-2013-1739
Mozilla Network Security Services (NSS) before 3.15.2 does not ensure that data structures are initialized before read operations, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger a decryption failure. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1739 (From OE-Core rev: 9b43af77d112e75fa9827a9080b7e94f41f9a116) Signed-off-by: yzhu1 <yanjun.zhu@windriver.com> Signed-off-by: Jackie Huang <jackie.huang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Conflicts: meta/recipes-support/nss/nss.inc
Diffstat (limited to 'meta/recipes-support')
-rw-r--r--meta/recipes-support/nss/files/nss-3.15.1-fix-CVE-2013-1739.patch81
1 files changed, 81 insertions, 0 deletions
diff --git a/meta/recipes-support/nss/files/nss-3.15.1-fix-CVE-2013-1739.patch b/meta/recipes-support/nss/files/nss-3.15.1-fix-CVE-2013-1739.patch
new file mode 100644
index 0000000000..1a159c3934
--- /dev/null
+++ b/meta/recipes-support/nss/files/nss-3.15.1-fix-CVE-2013-1739.patch
@@ -0,0 +1,81 @@
+Upstream-Status: Backport
+Signed-off-by: yzhu1 <yanjun.zhu@windriver.com>
+
+--- a/nss/lib/ssl/ssl3con.c
++++ b/nss/lib/ssl/ssl3con.c
+@@ -10509,7 +10509,7 @@ ssl_RemoveSSLv3CBCPadding(sslBuffer *pla
+ /* SSLv3 padding bytes are random and cannot be checked. */
+ t = plaintext->len;
+ t -= paddingLength+overhead;
+- /* If len >= padding_length+overhead then the MSB of t is zero. */
++ /* If len >= paddingLength+overhead then the MSB of t is zero. */
+ good = DUPLICATE_MSB_TO_ALL(~t);
+ /* SSLv3 requires that the padding is minimal. */
+ t = blockSize - (paddingLength+1);
+@@ -10742,7 +10742,7 @@ ssl3_HandleRecord(sslSocket *ss, SSL3Cip
+ }
+ }
+
+- good = (unsigned)-1;
++ good = ~0U;
+ minLength = crSpec->mac_size;
+ if (cipher_def->type == type_block) {
+ /* CBC records have a padding length byte at the end. */
+@@ -10756,14 +10756,7 @@ ssl3_HandleRecord(sslSocket *ss, SSL3Cip
+ /* We can perform this test in variable time because the record's total
+ * length and the ciphersuite are both public knowledge. */
+ if (cText->buf->len < minLength) {
+- SSL_DBG(("%d: SSL3[%d]: HandleRecord, record too small.",
+- SSL_GETPID(), ss->fd));
+- /* must not hold spec lock when calling SSL3_SendAlert. */
+- ssl_ReleaseSpecReadLock(ss);
+- SSL3_SendAlert(ss, alert_fatal, bad_record_mac);
+- /* always log mac error, in case attacker can read server logs. */
+- PORT_SetError(SSL_ERROR_BAD_MAC_READ);
+- return SECFailure;
++ goto decrypt_loser;
+ }
+
+ if (cipher_def->type == type_block &&
+@@ -10831,11 +10824,18 @@ ssl3_HandleRecord(sslSocket *ss, SSL3Cip
+ return SECFailure;
+ }
+
++ if (cipher_def->type == type_block &&
++ ((cText->buf->len - ivLen) % cipher_def->block_size) != 0) {
++ goto decrypt_loser;
++ }
++
+ /* decrypt from cText buf to plaintext. */
+ rv = crSpec->decode(
+ crSpec->decodeContext, plaintext->buf, (int *)&plaintext->len,
+ plaintext->space, cText->buf->buf + ivLen, cText->buf->len - ivLen);
+- good &= SECStatusToMask(rv);
++ if (rv != SECSuccess) {
++ goto decrypt_loser;
++ }
+
+ PRINT_BUF(80, (ss, "cleartext:", plaintext->buf, plaintext->len));
+
+@@ -10843,7 +10843,7 @@ ssl3_HandleRecord(sslSocket *ss, SSL3Cip
+
+ /* If it's a block cipher, check and strip the padding. */
+ if (cipher_def->type == type_block) {
+- const unsigned int blockSize = cipher_def->iv_size;
++ const unsigned int blockSize = cipher_def->block_size;
+ const unsigned int macSize = crSpec->mac_size;
+
+ if (crSpec->version <= SSL_LIBRARY_VERSION_3_0) {
+@@ -10899,10 +10899,11 @@ ssl3_HandleRecord(sslSocket *ss, SSL3Cip
+ }
+
+ if (good == 0) {
++decrypt_loser:
+ /* must not hold spec lock when calling SSL3_SendAlert. */
+ ssl_ReleaseSpecReadLock(ss);
+
+- SSL_DBG(("%d: SSL3[%d]: mac check failed", SSL_GETPID(), ss->fd));
++ SSL_DBG(("%d: SSL3[%d]: decryption failed", SSL_GETPID(), ss->fd));
+
+ if (!IS_DTLS(ss)) {
+ SSL3_SendAlert(ss, alert_fatal, bad_record_mac);
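Review bot: Nothing on this page wires the new patch file into the recipe: the diffstat for meta/recipes-support lists only this file, and the message records a conflict in meta/recipes-support/nss/nss.inc, so unless that file already names it the CVE-2013-1739 fix would sit in the tree without being applied at build time. If the entry is missing, nss.inc needs `file://nss-3.15.1-fix-CVE-2013-1739.patch \` in SRC_URI, and checking that do_patch applies it would confirm the fix reaches the built library. The header at the top of the file also gives only `Upstream-Status: Backport`, with no upstream changeset or bug reference and no CVE identifier, so the backport cannot be compared against the upstream change; `Upstream-Status: Backport [<upstream changeset URL>]` plus a one-line description naming CVE-2013-1739 would make that audit possible.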