diff --git a/SOURCES/nss-3.44-encrypt-update.patch b/SOURCES/nss-3.44-encrypt-update.patch new file mode 100644 index 0000000..0c2441a --- /dev/null +++ b/SOURCES/nss-3.44-encrypt-update.patch @@ -0,0 +1,21 @@ +# HG changeset patch +# User Craig Disselkoen +# Date 1574189697 25200 +# Tue Nov 19 11:54:57 2019 -0700 +# Branch NSS_3_44_BRANCH +# Node ID 60bca7c6dc6dc44579b9b3e0fb62ca3b82d92eec +# Parent 64e55c9f658e2a75f0835d00a8a1cdc2f25c74d6 +Bug 1586176 - EncryptUpdate should use maxout not block size. r=franziskus + +diff --git a/lib/softoken/pkcs11c.c b/lib/softoken/pkcs11c.c +--- a/lib/softoken/pkcs11c.c ++++ b/lib/softoken/pkcs11c.c +@@ -1321,7 +1321,7 @@ NSC_EncryptUpdate(CK_SESSION_HANDLE hSes + } + /* encrypt the current padded data */ + rv = (*context->update)(context->cipherInfo, pEncryptedPart, +- &padoutlen, context->blockSize, context->padBuf, ++ &padoutlen, maxout, context->padBuf, + context->blockSize); + if (rv != SECSuccess) { + return sftk_MapCryptError(PORT_GetError()); diff --git a/SPECS/nss.spec b/SPECS/nss.spec index a9127cb..addd8fa 100644 --- a/SPECS/nss.spec +++ b/SPECS/nss.spec @@ -46,7 +46,7 @@ rpm.define(string.format("nss_release_tag NSS_%s_RTM", Summary: Network Security Services Name: nss Version: %{nss_version} -Release: 8%{?dist} +Release: 9%{?dist} License: MPLv2.0 URL: http://www.mozilla.org/projects/security/pki/nss/ Requires: nspr >= %{nspr_version} @@ -147,6 +147,7 @@ Patch211: nss-leading-zero.patch # Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=1515342 Patch212: nss-input-check.patch Patch213: nss-3.44-missing-softokn-kdf.patch +Patch218: nss-3.44-encrypt-update.patch %description @@ -920,6 +921,9 @@ update-crypto-policies --no-reload &> /dev/null || : %changelog +* Wed Dec 4 2019 Bob Relyea - 3.44.0-9 +- Fix out-of-bounds write in NSC_EncryptUpdate (#1775912) + * Thu Aug 8 2019 Bob Relyea - 3.44.0-8 - CKM_NSS_IKE1_APP_B_PRF_DERIVE was missing from the mechanism list, preventing PK11_Derive*() from using it. Add gtests for the PK11_Derive interface for