From 4ce30ef254511ce39dd576b80134b9316f9fa06c Mon Sep 17 00:00:00 2001 From: yzhu1 Date: Wed, 18 Jun 2014 05:41:30 -0400 Subject: nss-3.15.1: fix CVE-2013-1739 Mozilla Network Security Services (NSS) before 3.15.2 does not ensure that data structures are initialized before read operations, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger a decryption failure. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1739 (From OE-Core rev: 9b43af77d112e75fa9827a9080b7e94f41f9a116) Signed-off-by: yzhu1 Signed-off-by: Jackie Huang Signed-off-by: Richard Purdie Conflicts: meta/recipes-support/nss/nss.inc --- .../nss/files/nss-3.15.1-fix-CVE-2013-1739.patch | 81 ++++++++++++++++++++++ 1 file changed, 81 insertions(+) create mode 100644 meta/recipes-support/nss/files/nss-3.15.1-fix-CVE-2013-1739.patch (limited to 'meta') diff --git a/meta/recipes-support/nss/files/nss-3.15.1-fix-CVE-2013-1739.patch b/meta/recipes-support/nss/files/nss-3.15.1-fix-CVE-2013-1739.patch new file mode 100644 index 0000000000..1a159c3934 --- /dev/null +++ b/meta/recipes-support/nss/files/nss-3.15.1-fix-CVE-2013-1739.patch @@ -0,0 +1,81 @@ +Upstream-Status: Backport +Signed-off-by: yzhu1 + +--- a/nss/lib/ssl/ssl3con.c ++++ b/nss/lib/ssl/ssl3con.c +@@ -10509,7 +10509,7 @@ ssl_RemoveSSLv3CBCPadding(sslBuffer *pla + /* SSLv3 padding bytes are random and cannot be checked. */ + t = plaintext->len; + t -= paddingLength+overhead; +- /* If len >= padding_length+overhead then the MSB of t is zero. */ ++ /* If len >= paddingLength+overhead then the MSB of t is zero. */ + good = DUPLICATE_MSB_TO_ALL(~t); + /* SSLv3 requires that the padding is minimal. */ + t = blockSize - (paddingLength+1); +@@ -10742,7 +10742,7 @@ ssl3_HandleRecord(sslSocket *ss, SSL3Cip + } + } + +- good = (unsigned)-1; ++ good = ~0U; + minLength = crSpec->mac_size; + if (cipher_def->type == type_block) { + /* CBC records have a padding length byte at the end. */ +@@ -10756,14 +10756,7 @@ ssl3_HandleRecord(sslSocket *ss, SSL3Cip + /* We can perform this test in variable time because the record's total + * length and the ciphersuite are both public knowledge. */ + if (cText->buf->len < minLength) { +- SSL_DBG(("%d: SSL3[%d]: HandleRecord, record too small.", +- SSL_GETPID(), ss->fd)); +- /* must not hold spec lock when calling SSL3_SendAlert. */ +- ssl_ReleaseSpecReadLock(ss); +- SSL3_SendAlert(ss, alert_fatal, bad_record_mac); +- /* always log mac error, in case attacker can read server logs. */ +- PORT_SetError(SSL_ERROR_BAD_MAC_READ); +- return SECFailure; ++ goto decrypt_loser; + } + + if (cipher_def->type == type_block && +@@ -10831,11 +10824,18 @@ ssl3_HandleRecord(sslSocket *ss, SSL3Cip + return SECFailure; + } + ++ if (cipher_def->type == type_block && ++ ((cText->buf->len - ivLen) % cipher_def->block_size) != 0) { ++ goto decrypt_loser; ++ } ++ + /* decrypt from cText buf to plaintext. */ + rv = crSpec->decode( + crSpec->decodeContext, plaintext->buf, (int *)&plaintext->len, + plaintext->space, cText->buf->buf + ivLen, cText->buf->len - ivLen); +- good &= SECStatusToMask(rv); ++ if (rv != SECSuccess) { ++ goto decrypt_loser; ++ } + + PRINT_BUF(80, (ss, "cleartext:", plaintext->buf, plaintext->len)); + +@@ -10843,7 +10843,7 @@ ssl3_HandleRecord(sslSocket *ss, SSL3Cip + + /* If it's a block cipher, check and strip the padding. */ + if (cipher_def->type == type_block) { +- const unsigned int blockSize = cipher_def->iv_size; ++ const unsigned int blockSize = cipher_def->block_size; + const unsigned int macSize = crSpec->mac_size; + + if (crSpec->version <= SSL_LIBRARY_VERSION_3_0) { +@@ -10899,10 +10899,11 @@ ssl3_HandleRecord(sslSocket *ss, SSL3Cip + } + + if (good == 0) { ++decrypt_loser: + /* must not hold spec lock when calling SSL3_SendAlert. */ + ssl_ReleaseSpecReadLock(ss); + +- SSL_DBG(("%d: SSL3[%d]: mac check failed", SSL_GETPID(), ss->fd)); ++ SSL_DBG(("%d: SSL3[%d]: decryption failed", SSL_GETPID(), ss->fd)); + + if (!IS_DTLS(ss)) { + SSL3_SendAlert(ss, alert_fatal, bad_record_mac); -- cgit 1.2.3-korg