[oe-commits] Li Wang : nss: CVE-2013-5606

Tue Jul 29 08:59:02 UTC 2014

Module: openembedded-core.git
Branch: master
Commit: 1e153b1b21276d56144add464d592cd7b96a4ede
URL:    http://git.openembedded.org/?p=openembedded-core.git&a=commit;h=1e153b1b21276d56144add464d592cd7b96a4ede

Author: Li Wang <li.wang at windriver.com>
Date:   Mon Jul 28 02:50:42 2014 -0400

nss: CVE-2013-5606

the patch comes from:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-5606
https://bugzilla.mozilla.org/show_bug.cgi?id=910438
http://hg.mozilla.org/projects/nss/rev/d29898e0981c

The CERT_VerifyCert function in lib/certhigh/certvfy.c in
Mozilla Network Security Services (NSS) 3.15 before 3.15.3 provides
an unexpected return value for an incompatible key-usage certificate
when the CERTVerifyLog argument is valid, which might allow remote
attackers to bypass intended access restrictions via a crafted certificate.

Signed-off-by: Li Wang <li.wang at windriver.com>
Signed-off-by: Jackie Huang <jackie.huang at windriver.com>
Signed-off-by: Saul Wold <sgw at linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>

---

 .../nss/files/nss-CVE-2013-5606.patch              | 48 ++++++++++++++++++++++
 meta/recipes-support/nss/nss.inc                   |  1 +
 2 files changed, 49 insertions(+)

diff --git a/meta/recipes-support/nss/files/nss-CVE-2013-5606.patch b/meta/recipes-support/nss/files/nss-CVE-2013-5606.patch
new file mode 100644
index 0000000..f30475b
--- /dev/null
+++ b/meta/recipes-support/nss/files/nss-CVE-2013-5606.patch
@@ -0,0 +1,48 @@
+nss: CVE-2013-5606
+
+Upstream-Status: Backport
+
+the patch comes from:
+http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-5606
+https://bugzilla.mozilla.org/show_bug.cgi?id=910438
+http://hg.mozilla.org/projects/nss/rev/d29898e0981c
+
+The CERT_VerifyCert function in lib/certhigh/certvfy.c in
+Mozilla Network Security Services (NSS) 3.15 before 3.15.3 provides
+an unexpected return value for an incompatible key-usage certificate
+when the CERTVerifyLog argument is valid, which might allow remote
+attackers to bypass intended access restrictions via a crafted certificate.
+
+Signed-off-by: Li Wang <li.wang at windriver.com>
+---
+ nss/lib/certhigh/certvfy.c |    7 +++++--
+ 1 file changed, 5 insertions(+), 2 deletions(-)
+
+diff --git a/nss/lib/certhigh/certvfy.c b/nss/lib/certhigh/certvfy.c
+index f364ceb..f450205 100644
+--- a/nss/lib/certhigh/certvfy.c
++++ b/nss/lib/certhigh/certvfy.c
+@@ -1312,7 +1312,7 @@ CERT_VerifyCert(CERTCertDBHandle *handle, CERTCertificate *cert,
+ 	PORT_SetError(SEC_ERROR_UNTRUSTED_CERT);
+ 	LOG_ERROR_OR_EXIT(log,cert,0,flags);
+     } else if (trusted) {
+-	goto winner;
++	goto done;
+     }
+ 
+ 
+@@ -1340,7 +1340,10 @@ CERT_VerifyCert(CERTCertDBHandle *handle, CERTCertificate *cert,
+ 	}
+     }
+ 
+-winner:
++done:
++    if (log && log->head) {
++        return SECFailure;
++    }
+     return(SECSuccess);
+ 
+ loser:
+-- 
+1.7.9.5
+
diff --git a/meta/recipes-support/nss/nss.inc b/meta/recipes-support/nss/nss.inc
index cc9e7b9..ce7d4a4 100644
--- a/meta/recipes-support/nss/nss.inc
+++ b/meta/recipes-support/nss/nss.inc
@@ -21,6 +21,7 @@ SRC_URI = "\
     file://nss-CVE-2014-1492.patch \
     file://nss-CVE-2013-1740.patch \
     file://nss-3.15.1-fix-CVE-2013-1739.patch \
+    file://nss-CVE-2013-5606.patch \
 "
 SRC_URI_append_class-target = "\
     file://nss.pc.in \

