04b33ce205
* gnu/packages/patches/nss-CVE-2019-11745.patch: New file. * gnu/local.mk (dist_patch_DATA): Add it. * gnu/packages/nss.scm (nss/fixed): New variable. (nss)[replacement]: Add field.
Fix CVE-2019-11745 (Out-of-bounds write when passing an output buffer smaller
than the block size to NSC_EncryptUpdate).
Copied from Debian, equivalent to upstream fix:
<https://hg.mozilla.org/projects/nss/rev/1e22a0c93afe9f46545560c86caedef9dab6cfda>.
# HG changeset patch
# User Craig Disselkoen <cdisselk@cs.ucsd.edu>
# Date 1574189697 25200
# Node ID 60bca7c6dc6dc44579b9b3e0fb62ca3b82d92eec
# Parent 64e55c9f658e2a75f0835d00a8a1cdc2f25c74d6
Bug 1586176 - EncryptUpdate should use maxout not block size. r=franziskus
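--- a/nss/lib/softoken/pkcs11c.c
+++ b/nss/lib/softoken/pkcs11c.c
@@ -1285,7 +1285,7 @@ NSC_EncryptUpdate(CK_SESSION_HANDLE hSes
 }
 /* encrypt the current padded data */
 rv = (*context->update)(context->cipherInfo, pEncryptedPart,
- &padoutlen, context->blockSize, context->padBuf,
+ &padoutlen, maxout, context->padBuf,
 context->blockSize);
 if (rv != SECSuccess) {
 return sftk_MapCryptError(PORT_GetError());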
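Review bot: The new fourth argument `maxout` is defined outside this hunk, so these lines alone do not show that it holds the caller's remaining output capacity for `pEncryptedPart` at this call; that is worth checking in the full function, since the whole fix rests on it. The call would also benefit from a comment recording why the bound is not the block size, for example `/* bound by the caller's buffer (maxout), not blockSize: update must fail rather than write past pEncryptedPart (CVE-2019-11745) */`. On the failure path the result is whatever `sftk_MapCryptError(PORT_GetError())` maps to, so a too-small buffer is presumably reported correctly only if the update callback sets an output-length error; confirm that, ideally with a regression test that passes an output buffer shorter than one block. NSC_EncryptUpdate starts and ends outside the hunk.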