nss: CVE-2014-1544
the patch comes from: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-1544 https://hg.mozilla.org/projects/nss/rev/204f22c527f8 author Robert Relyea <rrelyea@redhat.com> https://bugzilla.mozilla.org/show_bug.cgi?id=963150 Bug 963150: Add nssCertificate_AddRef and nssCertificate_Destroy calls to PK11_ImportCert to prevent nssTrustDomain_AddCertsToCache from freeing the CERTCertificate associated with the NSSCertificate. r=wtc. (From OE-Core rev: 7ef613c7f4b9e4ff153766f31dae81fc4810c0df) Signed-off-by: Li Wang <li.wang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This commit is contained in:
parent
2e8b7023c0
commit
88a3c93097
|
@ -0,0 +1,41 @@
|
|||
nss: CVE-2014-1544
|
||||
|
||||
the patch comes from:
|
||||
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-1544
|
||||
https://hg.mozilla.org/projects/nss/rev/204f22c527f8
|
||||
|
||||
author Robert Relyea <rrelyea@redhat.com>
|
||||
https://bugzilla.mozilla.org/show_bug.cgi?id=963150
|
||||
Bug 963150: Add nssCertificate_AddRef and nssCertificate_Destroy calls
|
||||
to PK11_ImportCert to prevent nssTrustDomain_AddCertsToCache from
|
||||
freeing the CERTCertificate associated with the NSSCertificate. r=wtc.
|
||||
|
||||
Upstream-Status: Pending
|
||||
Signed-off-by: Li Wang <li.wang@windriver.com>
|
||||
---
|
||||
nss/lib/pk11wrap/pk11cert.c | 7 +++++++
|
||||
1 file changed, 7 insertions(+)
|
||||
|
||||
diff --git a/nss/lib/pk11wrap/pk11cert.c b/nss/lib/pk11wrap/pk11cert.c
|
||||
index 39168b9..3f3edb1 100644
|
||||
--- a/nss/lib/pk11wrap/pk11cert.c
|
||||
+++ b/nss/lib/pk11wrap/pk11cert.c
|
||||
@@ -981,8 +981,15 @@ PK11_ImportCert(PK11SlotInfo *slot, CERTCertificate *cert,
|
||||
* CERTCertificate, and finish
|
||||
*/
|
||||
nssPKIObject_AddInstance(&c->object, certobj);
|
||||
+ /* nssTrustDomain_AddCertsToCache may release a reference to 'c' and
|
||||
+ * replace 'c' by a different value. So we add a reference to 'c' to
|
||||
+ * prevent 'c' from being destroyed. */
|
||||
+ nssCertificate_AddRef(c);
|
||||
nssTrustDomain_AddCertsToCache(STAN_GetDefaultTrustDomain(), &c, 1);
|
||||
+ /* XXX should we pass the original value of 'c' to
|
||||
+ * STAN_ForceCERTCertificateUpdate? */
|
||||
(void)STAN_ForceCERTCertificateUpdate(c);
|
||||
+ nssCertificate_Destroy(c);
|
||||
SECITEM_FreeItem(keyID,PR_TRUE);
|
||||
return SECSuccess;
|
||||
loser:
|
||||
--
|
||||
1.7.9.5
|
||||
|
|
@ -22,6 +22,7 @@ SRC_URI = "\
|
|||
file://nss-CVE-2013-1740.patch \
|
||||
file://nss-3.15.1-fix-CVE-2013-1739.patch \
|
||||
file://nss-CVE-2013-5606.patch \
|
||||
file://nss-CVE-2014-1544.patch \
|
||||
"
|
||||
SRC_URI_append_class-target = "\
|
||||
file://nss.pc.in \
|
||||
|
|
Loading…
Reference in New Issue