mirrors/meta-openembedded
1
0
Fork 0
mirror of https://github.com/openembedded/meta-openembedded.git synced 2026-06-15 06:10:02 +00:00
Code Issues Projects Releases Wiki Activity

nss: patch CVE-2024-0743

Browse Source 
https://nvd.nist.gov/vuln/detail/CVE-2024-0743
mentions bug 1867408 as tracking fix for this issue.

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
This commit is contained in:
Peter Marko
2024-05-04 22:59:27 +02:00
committed by Armin Kuster
parent 8c7363cd3c
commit 9c9224811b
2 changed files with 41 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
meta-oe/recipes-support/nss/nss/0001-Bug-1867408-add-a-defensive-check-for-large-ssl_DefS.patch
+40
View File
@@ -0,0 +1,40 @@
From 2e75513a13e3cf4a16626ef654242b3b07cc8f29 Mon Sep 17 00:00:00 2001
From: John Schanck <jschanck@mozilla.com>
Date: Mon, 11 Dec 2023 19:24:14 +0000
Subject: [PATCH] Bug 1867408 - add a defensive check for large ssl_DefSend
return values. r=nkulatova
Differential Revision: https://phabricator.services.mozilla.com/D195054
--HG--
extra : moz-landing-system : lando
CVE: CVE-2024-0743
Upstream-Status: Backport [https://github.com/nss-dev/nss/commit/2e75513a13e3cf4a16626ef654242b3b07cc8f29]
Signed-off-by: Peter Marko <peter.marko@siemens.com>
---
lib/ssl/sslsecur.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/lib/ssl/sslsecur.c b/lib/ssl/sslsecur.c
index 59ef064c9..9e994f4b5 100644
--- a/lib/ssl/sslsecur.c
+++ b/lib/ssl/sslsecur.c
@@ -453,7 +453,12 @@ ssl_SendSavedWriteData(sslSocket *ss)
if (rv < 0) {
return rv;
}
- ss->pendingBuf.len -= rv;
+ if (rv > ss->pendingBuf.len) {
+ PORT_Assert(0); /* This shouldn't happen */
+ ss->pendingBuf.len = 0;
+ } else {
+ ss->pendingBuf.len -= rv;
+ }
if (ss->pendingBuf.len > 0 && rv > 0) {
/* UGH !! This shifts the whole buffer down by copying it */
PORT_Memmove(ss->pendingBuf.buf, ss->pendingBuf.buf + rv,
--
2.30.2
meta-oe/recipes-support/nss/nss_3.74.bb
+1
View File
@@ -33,6 +33,7 @@ SRC_URI = "http://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/${VERSIO
file://nss-fix-nsinstall-build.patch \
file://0001-freebl-add-a-configure-option-to-disable-ARM-HW-cryp.patch \
file://0001-Bug-1780432-CVE-2023-5388-Timing-attack-against-RSA-.patch;patchdir=nss \
file://0001-Bug-1867408-add-a-defensive-check-for-large-ssl_DefS.patch;patchdir=nss \
"
SRC_URI[sha256sum] = "88928811f9f40f87d42e2eaccdf6e454562e51486067f2ddbe90aa47ea6cd056"