diff options
Diffstat (limited to 'meta/recipes-support/nss/files/nss-CVE-2014-1544.patch')
-rw-r--r-- | meta/recipes-support/nss/files/nss-CVE-2014-1544.patch | 41 |
1 files changed, 0 insertions, 41 deletions
diff --git a/meta/recipes-support/nss/files/nss-CVE-2014-1544.patch b/meta/recipes-support/nss/files/nss-CVE-2014-1544.patch deleted file mode 100644 index d6434df..0000000 --- a/meta/recipes-support/nss/files/nss-CVE-2014-1544.patch +++ /dev/null @@ -1,41 +0,0 @@ -nss: CVE-2014-1544 - -the patch comes from: -https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-1544 -https://hg.mozilla.org/projects/nss/rev/204f22c527f8 - -author Robert Relyea <rrelyea@redhat.com> -https://bugzilla.mozilla.org/show_bug.cgi?id=963150 -Bug 963150: Add nssCertificate_AddRef and nssCertificate_Destroy calls -to PK11_ImportCert to prevent nssTrustDomain_AddCertsToCache from -freeing the CERTCertificate associated with the NSSCertificate. r=wtc. - -Upstream-Status: Pending -Signed-off-by: Li Wang <li.wang@windriver.com> ---- - nss/lib/pk11wrap/pk11cert.c | 7 +++++++ - 1 file changed, 7 insertions(+) - -diff --git a/nss/lib/pk11wrap/pk11cert.c b/nss/lib/pk11wrap/pk11cert.c -index 39168b9..3f3edb1 100644 ---- a/nss/lib/pk11wrap/pk11cert.c -+++ b/nss/lib/pk11wrap/pk11cert.c -@@ -981,8 +981,15 @@ PK11_ImportCert(PK11SlotInfo *slot, CERTCertificate *cert, - * CERTCertificate, and finish - */ - nssPKIObject_AddInstance(&c->object, certobj); -+ /* nssTrustDomain_AddCertsToCache may release a reference to 'c' and -+ * replace 'c' by a different value. So we add a reference to 'c' to -+ * prevent 'c' from being destroyed. */ -+ nssCertificate_AddRef(c); - nssTrustDomain_AddCertsToCache(STAN_GetDefaultTrustDomain(), &c, 1); -+ /* XXX should we pass the original value of 'c' to -+ * STAN_ForceCERTCertificateUpdate? */ - (void)STAN_ForceCERTCertificateUpdate(c); -+ nssCertificate_Destroy(c); - SECITEM_FreeItem(keyID,PR_TRUE); - return SECSuccess; - loser: --- -1.7.9.5 - |