diff options
Diffstat (limited to 'meta/recipes-support/nss/files/nss-CVE-2013-5606.patch')
-rw-r--r-- | meta/recipes-support/nss/files/nss-CVE-2013-5606.patch | 48 |
1 files changed, 0 insertions, 48 deletions
diff --git a/meta/recipes-support/nss/files/nss-CVE-2013-5606.patch b/meta/recipes-support/nss/files/nss-CVE-2013-5606.patch deleted file mode 100644 index f30475b..0000000 --- a/meta/recipes-support/nss/files/nss-CVE-2013-5606.patch +++ /dev/null @@ -1,48 +0,0 @@ -nss: CVE-2013-5606 - -Upstream-Status: Backport - -the patch comes from: -http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-5606 -https://bugzilla.mozilla.org/show_bug.cgi?id=910438 -http://hg.mozilla.org/projects/nss/rev/d29898e0981c - -The CERT_VerifyCert function in lib/certhigh/certvfy.c in -Mozilla Network Security Services (NSS) 3.15 before 3.15.3 provides -an unexpected return value for an incompatible key-usage certificate -when the CERTVerifyLog argument is valid, which might allow remote -attackers to bypass intended access restrictions via a crafted certificate. - -Signed-off-by: Li Wang <li.wang@windriver.com> ---- - nss/lib/certhigh/certvfy.c | 7 +++++-- - 1 file changed, 5 insertions(+), 2 deletions(-) - -diff --git a/nss/lib/certhigh/certvfy.c b/nss/lib/certhigh/certvfy.c -index f364ceb..f450205 100644 ---- a/nss/lib/certhigh/certvfy.c -+++ b/nss/lib/certhigh/certvfy.c -@@ -1312,7 +1312,7 @@ CERT_VerifyCert(CERTCertDBHandle *handle, CERTCertificate *cert, - PORT_SetError(SEC_ERROR_UNTRUSTED_CERT); - LOG_ERROR_OR_EXIT(log,cert,0,flags); - } else if (trusted) { -- goto winner; -+ goto done; - } - - -@@ -1340,7 +1340,10 @@ CERT_VerifyCert(CERTCertDBHandle *handle, CERTCertificate *cert, - } - } - --winner: -+done: -+ if (log && log->head) { -+ return SECFailure; -+ } - return(SECSuccess); - - loser: --- -1.7.9.5 - |