From 04b33ce205f38813b4dbd04b6ad3c7aa0be0b6f6 Mon Sep 17 00:00:00 2001 From: Mark H Weaver Date: Tue, 10 Dec 2019 18:20:51 -0500 Subject: gnu: nss: Fix CVE-2019-11745 via graft. * gnu/packages/patches/nss-CVE-2019-11745.patch: New file. * gnu/local.mk (dist_patch_DATA): Add it. * gnu/packages/nss.scm (nss/fixed): New variable. (nss)[replacement]: Add field. --- gnu/packages/patches/nss-CVE-2019-11745.patch | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) create mode 100644 gnu/packages/patches/nss-CVE-2019-11745.patch (limited to 'gnu/packages/patches') diff --git a/gnu/packages/patches/nss-CVE-2019-11745.patch b/gnu/packages/patches/nss-CVE-2019-11745.patch new file mode 100644 index 0000000000..ae0eeda3c8 --- /dev/null +++ b/gnu/packages/patches/nss-CVE-2019-11745.patch @@ -0,0 +1,24 @@ +Fix CVE-2019-11745 (Out-of-bounds write when passing an output buffer smaller +than the block size to NSC_EncryptUpdate). + +Copied from Debian, equivalent to upstream fix: +. + +# HG changeset patch +# User Craig Disselkoen +# Date 1574189697 25200 +# Node ID 60bca7c6dc6dc44579b9b3e0fb62ca3b82d92eec +# Parent 64e55c9f658e2a75f0835d00a8a1cdc2f25c74d6 +Bug 1586176 - EncryptUpdate should use maxout not block size. r=franziskus + +--- a/nss/lib/softoken/pkcs11c.c ++++ b/nss/lib/softoken/pkcs11c.c +@@ -1285,7 +1285,7 @@ NSC_EncryptUpdate(CK_SESSION_HANDLE hSes + } + /* encrypt the current padded data */ + rv = (*context->update)(context->cipherInfo, pEncryptedPart, +- &padoutlen, context->blockSize, context->padBuf, ++ &padoutlen, maxout, context->padBuf, + context->blockSize); + if (rv != SECSuccess) { + return sftk_MapCryptError(PORT_GetError()); -- cgit v1.2.3