From: Peter Marko <peter.marko@siemens.com>
To: openembedded-devel@lists.openembedded.org
Cc: Peter Marko <peter.marko@siemens.com>
Subject: [meta-oe][kirkstone][PATCH 2/2] nss: patch CVE-2024-0743
Date: Sat, 4 May 2024 22:59:27 +0200 [thread overview]
Message-ID: <20240504205927.3399327-2-peter.marko@siemens.com> (raw)
In-Reply-To: <20240504205927.3399327-1-peter.marko@siemens.com>
From: Peter Marko <peter.marko@siemens.com>
https://nvd.nist.gov/vuln/detail/CVE-2024-0743
mentions bug 1867408 as tracking fix for this issue.
Signed-off-by: Peter Marko <peter.marko@siemens.com>
---
...a-defensive-check-for-large-ssl_DefS.patch | 40 +++++++++++++++++++
meta-oe/recipes-support/nss/nss_3.74.bb | 1 +
2 files changed, 41 insertions(+)
create mode 100644 meta-oe/recipes-support/nss/nss/0001-Bug-1867408-add-a-defensive-check-for-large-ssl_DefS.patch
diff --git a/meta-oe/recipes-support/nss/nss/0001-Bug-1867408-add-a-defensive-check-for-large-ssl_DefS.patch b/meta-oe/recipes-support/nss/nss/0001-Bug-1867408-add-a-defensive-check-for-large-ssl_DefS.patch
new file mode 100644
index 0000000000..af32c42aec
--- /dev/null
+++ b/meta-oe/recipes-support/nss/nss/0001-Bug-1867408-add-a-defensive-check-for-large-ssl_DefS.patch
@@ -0,0 +1,40 @@
+From 2e75513a13e3cf4a16626ef654242b3b07cc8f29 Mon Sep 17 00:00:00 2001
+From: John Schanck <jschanck@mozilla.com>
+Date: Mon, 11 Dec 2023 19:24:14 +0000
+Subject: [PATCH] Bug 1867408 - add a defensive check for large ssl_DefSend
+ return values. r=nkulatova
+
+Differential Revision: https://phabricator.services.mozilla.com/D195054
+
+--HG--
+extra : moz-landing-system : lando
+
+CVE: CVE-2024-0743
+Upstream-Status: Backport [https://github.com/nss-dev/nss/commit/2e75513a13e3cf4a16626ef654242b3b07cc8f29]
+
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ lib/ssl/sslsecur.c | 7 ++++++-
+ 1 file changed, 6 insertions(+), 1 deletion(-)
+
+diff --git a/lib/ssl/sslsecur.c b/lib/ssl/sslsecur.c
+index 59ef064c9..9e994f4b5 100644
+--- a/lib/ssl/sslsecur.c
++++ b/lib/ssl/sslsecur.c
+@@ -453,7 +453,12 @@ ssl_SendSavedWriteData(sslSocket *ss)
+ if (rv < 0) {
+ return rv;
+ }
+- ss->pendingBuf.len -= rv;
++ if (rv > ss->pendingBuf.len) {
++ PORT_Assert(0); /* This shouldn't happen */
++ ss->pendingBuf.len = 0;
++ } else {
++ ss->pendingBuf.len -= rv;
++ }
+ if (ss->pendingBuf.len > 0 && rv > 0) {
+ /* UGH !! This shifts the whole buffer down by copying it */
+ PORT_Memmove(ss->pendingBuf.buf, ss->pendingBuf.buf + rv,
+--
+2.30.2
+
diff --git a/meta-oe/recipes-support/nss/nss_3.74.bb b/meta-oe/recipes-support/nss/nss_3.74.bb
index c394c82e69..26baf669d1 100644
--- a/meta-oe/recipes-support/nss/nss_3.74.bb
+++ b/meta-oe/recipes-support/nss/nss_3.74.bb
@@ -33,6 +33,7 @@ SRC_URI = "http://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/${VERSIO
file://nss-fix-nsinstall-build.patch \
file://0001-freebl-add-a-configure-option-to-disable-ARM-HW-cryp.patch \
file://0001-Bug-1780432-CVE-2023-5388-Timing-attack-against-RSA-.patch;patchdir=nss \
+ file://0001-Bug-1867408-add-a-defensive-check-for-large-ssl_DefS.patch;patchdir=nss \
"
SRC_URI[sha256sum] = "88928811f9f40f87d42e2eaccdf6e454562e51486067f2ddbe90aa47ea6cd056"
--
2.30.2
prev parent reply other threads:[~2024-05-04 21:00 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-05-04 20:59 [meta-oe][kirkstone][PATCH 1/2] nss: patch CVE-2023-5388 Peter Marko
2024-05-04 20:59 ` Peter Marko [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20240504205927.3399327-2-peter.marko@siemens.com \
--to=peter.marko@siemens.com \
--cc=openembedded-devel@lists.openembedded.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).