nss: CVE-2014-1492

the patch comes from: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1492 https://bugzilla.mozilla.org/show_bug.cgi?id=903885 changeset: 11063:709d4e597979 user: Kai Engert <kaie@kuix.de> date: Wed Mar 05 18:38:55 2014 +0100 summary: Bug 903885, address requests to clarify comments from wtc changeset: 11046:2ffa40a3ff55 tag: tip user: Wan-Teh Chang <wtc@google.com> date: Tue Feb 25 18:17:08 2014 +0100 summary: Bug 903885, fix IDNA wildcard handling v4, r=kaie changeset: 11045:15ea62260c21 user: Christian Heimes <sites@cheimes.de> date: Mon Feb 24 17:50:25 2014 +0100 summary: Bug 903885, fix IDNA wildcard handling, r=kaie (From OE-Core rev: a83a1b26704f1f3aadaa235bf38094f03b3610fd) (From OE-Core rev: 65ebe470a8d69073d0ebce3111abdb0c2e2ebe3c) Signed-off-by: Li Wang <li.wang@windriver.com> Signed-off-by: Roy Li <rongqing.li@windriver.com> Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2026-02-25 10:59:41 +01:00 · 2014-05-19 13:42:52 +08:00
parent 7bcc609bf0
commit 948b8461e8
2 changed files with 69 additions and 0 deletions
--- a/meta/recipes-support/nss/files/nss-CVE-2014-1492.patch
+++ b/meta/recipes-support/nss/files/nss-CVE-2014-1492.patch
@@ -0,0 +1,68 @@
+nss: CVE-2014-1492
+
+Upstream-Status: Backport
+
+the patch comes from:
+http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1492
+https://bugzilla.mozilla.org/show_bug.cgi?id=903885
+
+changeset:   11063:709d4e597979
+user:        Kai Engert <kaie@kuix.de>
+date:        Wed Mar 05 18:38:55 2014 +0100
+summary:     Bug 903885, address requests to clarify comments from wtc
+
+changeset:   11046:2ffa40a3ff55
+tag:         tip
+user:        Wan-Teh Chang <wtc@google.com>
+date:        Tue Feb 25 18:17:08 2014 +0100
+summary:     Bug 903885, fix IDNA wildcard handling v4, r=kaie
+
+changeset:   11045:15ea62260c21
+user:        Christian Heimes <sites@cheimes.de>
+date:        Mon Feb 24 17:50:25 2014 +0100
+summary:     Bug 903885, fix IDNA wildcard handling, r=kaie
+
+Signed-off-by: Li Wang <li.wang@windriver.com>
+---
+ nss/lib/certdb/certdb.c |   15 +++++++++------
+ 1 file changed, 9 insertions(+), 6 deletions(-)
+
+diff --git a/nss/lib/certdb/certdb.c b/nss/lib/certdb/certdb.c
+index b7d22bd..91877b7 100644
+--- a/nss/lib/certdb/certdb.c
+++ b/nss/lib/certdb/certdb.c
+@@ -1381,7 +1381,7 @@ cert_TestHostName(char * cn, const char * hn)
+ 	    return rv;
+ 	}
+     } else {
+-	/* New approach conforms to RFC 2818. */
+	/* New approach conforms to RFC 6125. */
+ 	char *wildcard    = PORT_Strchr(cn, '*');
+ 	char *firstcndot  = PORT_Strchr(cn, '.');
+ 	char *secondcndot = firstcndot ? PORT_Strchr(firstcndot+1, '.') : NULL;
+@@ -1390,14 +1390,17 @@ cert_TestHostName(char * cn, const char * hn)
+ 	/* For a cn pattern to be considered valid, the wildcard character...
+ 	 * - may occur only in a DNS name with at least 3 components, and
+ 	 * - may occur only as last character in the first component, and
+-	 * - may be preceded by additional characters
+         * - may be preceded by additional characters, and
+         * - must not be preceded by an IDNA ACE prefix (xn--)
+ 	 */
+ 	if (wildcard && secondcndot && secondcndot[1] && firsthndot 
+-	    && firstcndot  - wildcard  == 1
+-	    && secondcndot - firstcndot > 1
+-	    && PORT_Strrchr(cn, '*') == wildcard
+            && firstcndot  - wildcard  == 1 /* wildcard is last char in first component */
+            && secondcndot - firstcndot > 1 /* second component is non-empty */
+            && PORT_Strrchr(cn, '*') == wildcard /* only one wildcard in cn */
+ 	    && !PORT_Strncasecmp(cn, hn, wildcard - cn)
+-	    && !PORT_Strcasecmp(firstcndot, firsthndot)) {
+            && !PORT_Strcasecmp(firstcndot, firsthndot)
+               /* If hn starts with xn--, then cn must start with wildcard */
+            && (PORT_Strncasecmp(hn, "xn--", 4) || wildcard == cn)) {
+ 	    /* valid wildcard pattern match */
+ 	    return SECSuccess;
+ 	}
+-- 
+1.7.9.5
+
--- a/meta/recipes-support/nss/nss.inc
+++ b/meta/recipes-support/nss/nss.inc
@@ -18,6 +18,7 @@ SRC_URI = "\
    file://nss-fix-incorrect-shebang-of-perl.patch \
    file://nss-3.15.1-fix-CVE-2013-1741.patch \
    file://nss-3.15.1-fix-CVE-2013-5605.patch \
+    file://nss-CVE-2014-1492.patch \
 "
 SRC_URI_append_class-target = "\
    file://nss.pc.in \