Commit bd2a8ab1 authored by Natanael Copa's avatar Natanael Copa

main/nss: fix CVE-2012-0441

fixes #1214
parent 5ac332d5
......@@ -2,7 +2,7 @@
pkgname=nss
pkgver=3.12.9
_ver=${pkgver//./_}
pkgrel=1
pkgrel=2
pkgdesc="Mozilla Network Security Services"
url="http://www.mozilla.org/projects/security/pki/nss/"
arch="all"
......@@ -11,25 +11,28 @@ depends=
makedepends="nspr-dev sqlite-dev zlib-dev perl"
subpackages="$pkgname-dev $pkgname-tools"
source="ftp://ftp.mozilla.org/pub/security/$pkgname/releases/NSS_${_ver}_RTM/src/$pkgname-$pkgver.tar.gz
add_spi+cacert_ca_certs.patch
ssl-renegotiate-transitional.patch
nss-no-rpath.patch
nss.pc.in
nss-config.in
add_spi+cacert_ca_certs.patch
ssl-renegotiate-transitional.patch
cve-2011-3640.patch
CVE-2012-0441.patch
"
depends_dev="nspr-dev"
_builddir="$srcdir"/$pkgname-$pkgver
prepare() {
cd "$_builddir"
patch -Np1 -i ""$srcdir"/add_spi+cacert_ca_certs.patch" || return 1
patch -Np1 -i ""$srcdir"/ssl-renegotiate-transitional.patch" || return 1
patch -Np0 -i ""$srcdir"/nss-no-rpath.patch" || return 1
for i in $source; do
case $i in
*.patch) msg $i; patch -p1 -i "$srcdir"/$i || return 1;;
esac
done
# Respect LDFLAGS
sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' \
mozilla/security/coreconf/rules.mk
mozilla/security/coreconf/rules.mk || return 1
}
......@@ -47,9 +50,9 @@ build() {
if [ "$CARCH" = "x86_64" ]; then
export USE_64=1
fi
make -j 1 -C mozilla/security/coreconf || return 1
make -j 1 -C mozilla/security/dbm || return 1
make -j 1 -C mozilla/security/nss || return 1
make -j 1 -C mozilla/security/coreconf OS_RELEASE=2.6 || return 1
make -j 1 -C mozilla/security/dbm OS_RELEASE=2.6 || return 1
make -j 1 -C mozilla/security/nss OS_RELEASE=2.6 || return 1
}
package() {
......@@ -140,9 +143,10 @@ tools() {
}
md5sums="bd32f183ca28440c1744650be31a9ccc nss-3.12.9.tar.gz
e5c97db0c884d5f4cfda21e562dc9bba nss-no-rpath.patch
c547b030c57fe1ed8b77c73bf52b3ded nss.pc.in
46bee81908f1e5b26d6a7a2e14c64d9f nss-config.in
7f39c19b1dfd62d7db7d8bf19f156fed add_spi+cacert_ca_certs.patch
d83c7b61abb7e9f8f7bcd157183d1ade ssl-renegotiate-transitional.patch
390afb28ce73a26973c7921c9e18fa2c cve-2011-3640.patch"
b61ff98f6b0d055f55883b4a36d1fa90 nss-no-rpath.patch
c547b030c57fe1ed8b77c73bf52b3ded nss.pc.in
46bee81908f1e5b26d6a7a2e14c64d9f nss-config.in
3774b459c4f7c70e9289249f6f566f48 cve-2011-3640.patch
447db747c4d5b10151a8a65be3bf76e3 CVE-2012-0441.patch"
Index: nss/mozilla/security/nss/lib/softoken/legacydb/keydb.c
===================================================================
--- nss.orig/mozilla/security/nss/lib/softoken/legacydb/keydb.c 2012-06-02 09:40:33.313201758 +0200
+++ nss/mozilla/security/nss/lib/softoken/legacydb/keydb.c 2012-06-02 09:44:24.107462120 +0200
@@ -1790,6 +1790,35 @@
rv = SEC_QuickDERDecodeItem(permarena, pk,
nsslowkey_RSAPrivateKeyTemplate,
&newPrivateKey);
+ if (rv == SECSuccess) {
+ break;
+ }
+ /* Try decoding with the alternative template, but only allow
+ * a zero-length modulus for a secret key object.
+ * See bug 715073.
+ */
+ rv = SEC_QuickDERDecodeItem(permarena, pk,
+ nsslowkey_RSAPrivateKeyTemplate2,
+ &newPrivateKey);
+ /* A publicExponent of 0 is the defining property of a secret
+ * key disguised as an RSA key. When decoding with the
+ * alternative template, only accept a secret key with an
+ * improperly encoded modulus and a publicExponent of 0.
+ */
+ if (rv == SECSuccess) {
+ if (pk->u.rsa.modulus.len == 2 &&
+ pk->u.rsa.modulus.data[0] == SEC_ASN1_INTEGER &&
+ pk->u.rsa.modulus.data[1] == 0 &&
+ pk->u.rsa.publicExponent.len == 1 &&
+ pk->u.rsa.publicExponent.data[0] == 0) {
+ /* Fix the zero-length integer by setting it to 0. */
+ pk->u.rsa.modulus.data = pk->u.rsa.publicExponent.data;
+ pk->u.rsa.modulus.len = pk->u.rsa.publicExponent.len;
+ } else {
+ PORT_SetError(SEC_ERROR_BAD_DER);
+ rv = SECFailure;
+ }
+ }
break;
case SEC_OID_ANSIX9_DSA_SIGNATURE:
pk->keyType = NSSLOWKEYDSAKey;
Index: nss/mozilla/security/nss/lib/softoken/legacydb/lgcreate.c
===================================================================
--- nss.orig/mozilla/security/nss/lib/softoken/legacydb/lgcreate.c 2012-06-02 09:40:33.313201758 +0200
+++ nss/mozilla/security/nss/lib/softoken/legacydb/lgcreate.c 2012-06-02 09:42:35.354166672 +0200
@@ -818,11 +818,16 @@
privKey->keyType = NSSLOWKEYRSAKey;
/* The modulus is set to the key id of the symmetric key */
- crv = lg_Attribute2SecItem(arena, CKA_ID, templ, count,
- &privKey->u.rsa.modulus);
- if (crv != CKR_OK) goto loser;
+ privKey->u.rsa.modulus.data =
+ (unsigned char *) PORT_ArenaAlloc(arena, pubkey->len);
+ if (privKey->u.rsa.modulus.data == NULL) {
+ crv = CKR_HOST_MEMORY;
+ goto loser;
+ }
+ privKey->u.rsa.modulus.len = pubkey->len;
+ PORT_Memcpy(privKey->u.rsa.modulus.data, pubkey->data, pubkey->len);
- /* The public exponent is set to 0 length to indicate a special key */
+ /* The public exponent is set to 0 to indicate a special key */
privKey->u.rsa.publicExponent.len = sizeof derZero;
privKey->u.rsa.publicExponent.data = derZero;
Index: nss/mozilla/security/nss/lib/softoken/legacydb/lowkey.c
===================================================================
--- nss.orig/mozilla/security/nss/lib/softoken/legacydb/lowkey.c 2012-06-02 09:40:33.317201659 +0200
+++ nss/mozilla/security/nss/lib/softoken/legacydb/lowkey.c 2012-06-02 09:45:10.962296923 +0200
@@ -97,6 +97,24 @@
{ 0 }
};
+/*
+ * Allows u.rsa.modulus to be zero length for secret keys with an empty
+ * CKA_ID incorrectly generated in NSS 3.13.3 or earlier. Only used for
+ * decoding. See bug 715073.
+ */
+const SEC_ASN1Template nsslowkey_RSAPrivateKeyTemplate2[] = {
+ { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(NSSLOWKEYPrivateKey) },
+ { SEC_ASN1_INTEGER, offsetof(NSSLOWKEYPrivateKey,u.rsa.version) },
+ { SEC_ASN1_ANY, offsetof(NSSLOWKEYPrivateKey,u.rsa.modulus) },
+ { SEC_ASN1_INTEGER, offsetof(NSSLOWKEYPrivateKey,u.rsa.publicExponent) },
+ { SEC_ASN1_INTEGER, offsetof(NSSLOWKEYPrivateKey,u.rsa.privateExponent) },
+ { SEC_ASN1_INTEGER, offsetof(NSSLOWKEYPrivateKey,u.rsa.prime1) },
+ { SEC_ASN1_INTEGER, offsetof(NSSLOWKEYPrivateKey,u.rsa.prime2) },
+ { SEC_ASN1_INTEGER, offsetof(NSSLOWKEYPrivateKey,u.rsa.exponent1) },
+ { SEC_ASN1_INTEGER, offsetof(NSSLOWKEYPrivateKey,u.rsa.exponent2) },
+ { SEC_ASN1_INTEGER, offsetof(NSSLOWKEYPrivateKey,u.rsa.coefficient) },
+ { 0 }
+};
const SEC_ASN1Template nsslowkey_DSAPrivateKeyTemplate[] = {
{ SEC_ASN1_SEQUENCE, 0, NULL, sizeof(NSSLOWKEYPrivateKey) },
Index: nss/mozilla/security/nss/lib/softoken/legacydb/lowkeyti.h
===================================================================
--- nss.orig/mozilla/security/nss/lib/softoken/legacydb/lowkeyti.h 2012-06-02 09:40:33.317201659 +0200
+++ nss/mozilla/security/nss/lib/softoken/legacydb/lowkeyti.h 2012-06-02 09:43:25.700914607 +0200
@@ -72,6 +72,7 @@
*/
extern const SEC_ASN1Template nsslowkey_PQGParamsTemplate[];
extern const SEC_ASN1Template nsslowkey_RSAPrivateKeyTemplate[];
+extern const SEC_ASN1Template nsslowkey_RSAPrivateKeyTemplate2[];
extern const SEC_ASN1Template nsslowkey_DSAPrivateKeyTemplate[];
extern const SEC_ASN1Template nsslowkey_DSAPrivateKeyExportTemplate[];
extern const SEC_ASN1Template nsslowkey_DHPrivateKeyTemplate[];
Index: nss/mozilla/security/nss/lib/util/quickder.c
===================================================================
--- nss.orig/mozilla/security/nss/lib/util/quickder.c 2012-06-02 09:40:33.341201062 +0200
+++ nss/mozilla/security/nss/lib/util/quickder.c 2012-06-02 09:42:36.418140213 +0200
@@ -815,40 +815,57 @@
SECItem newtemp = temp;
rv = GetItem(&newtemp, &temp, PR_FALSE);
save = PR_TRUE;
- if ((SECSuccess == rv) && SEC_ASN1_UNIVERSAL == (kind & SEC_ASN1_CLASS_MASK))
- switch (kind & SEC_ASN1_TAGNUM_MASK)
+ if ((SECSuccess == rv) &&
+ SEC_ASN1_UNIVERSAL == (kind & SEC_ASN1_CLASS_MASK))
{
- /* special cases of primitive types */
- case SEC_ASN1_INTEGER:
+ unsigned long tagnum = kind & SEC_ASN1_TAGNUM_MASK;
+ if ( temp.len == 0 && (tagnum == SEC_ASN1_BOOLEAN ||
+ tagnum == SEC_ASN1_INTEGER ||
+ tagnum == SEC_ASN1_BIT_STRING ||
+ tagnum == SEC_ASN1_OBJECT_ID ||
+ tagnum == SEC_ASN1_ENUMERATED ||
+ tagnum == SEC_ASN1_UTC_TIME ||
+ tagnum == SEC_ASN1_GENERALIZED_TIME) )
{
- /* remove leading zeroes if the caller requested siUnsignedInteger
- This is to allow RSA key operations to work */
- SECItem* destItem = (SECItem*) ((char*)dest + templateEntry->offset);
- if (destItem && (siUnsignedInteger == destItem->type))
+ /* these types MUST have at least one content octet */
+ PORT_SetError(SEC_ERROR_BAD_DER);
+ rv = SECFailure;
+ }
+ else
+ switch (tagnum)
+ {
+ /* special cases of primitive types */
+ case SEC_ASN1_INTEGER:
{
- while (temp.len > 1 && temp.data[0] == 0)
- { /* leading 0 */
- temp.data++;
- temp.len--;
+ /* remove leading zeroes if the caller requested
+ siUnsignedInteger
+ This is to allow RSA key operations to work */
+ SECItem* destItem = (SECItem*) ((char*)dest +
+ templateEntry->offset);
+ if (destItem && (siUnsignedInteger == destItem->type))
+ {
+ while (temp.len > 1 && temp.data[0] == 0)
+ { /* leading 0 */
+ temp.data++;
+ temp.len--;
+ }
}
+ break;
}
- break;
- }
- case SEC_ASN1_BIT_STRING:
- {
- /* change the length in the SECItem to be the number of bits */
- if (temp.len && temp.data)
+ case SEC_ASN1_BIT_STRING:
{
- temp.len = (temp.len-1)*8 - ((*(unsigned char*)temp.data) & 0x7);
- temp.data = (unsigned char*)(temp.data+1);
+ /* change the length in the SECItem to be the number
+ of bits */
+ temp.len = (temp.len-1)*8 - (temp.data[0] & 0x7);
+ temp.data++;
+ break;
}
- break;
- }
- default:
- {
- break;
+ default:
+ {
+ break;
+ }
}
}
}
@@ -863,7 +880,7 @@
If part of the destination was allocated by the decoder, in
cases of POINTER, SET OF and SEQUENCE OF, then type is set to
siBuffer due to the use of PORT_ArenaZAlloc*/
- destItem->data = temp.data;
+ destItem->data = temp.len ? temp.data : NULL;
destItem->len = temp.len;
}
else
Index: mozilla/security/nss/lib/softoken/sftkmod.c
Index: ./mozilla/security/nss/lib/softoken/sftkmod.c
===================================================================
RCS file: /cvsroot/mozilla/security/nss/lib/softoken/sftkmod.c,v
retrieving revision 1.8
diff -p -u -r1.8 sftkmod.c
--- mozilla/security/nss/lib/softoken/sftkmod.c 15 Jan 2011 20:59:11 -0000 1.8
+++ mozilla/security/nss/lib/softoken/sftkmod.c 2 Oct 2011 14:45:28 -0000
--- ./mozilla/security/nss/lib/softoken/sftkmod.c 15 Jan 2011 20:59:11 -0000 1.8
+++ ./mozilla/security/nss/lib/softoken/sftkmod.c 2 Oct 2011 14:45:28 -0000
@@ -179,15 +179,18 @@ char *sftk_getOldSecmodName(const char *
char *sep;
......@@ -102,13 +102,13 @@ diff -p -u -r1.8 sftkmod.c
if ((dbType == SDB_LEGACY) || (dbType == SDB_MULTIACCESS)) {
return sftkdbCall_AddSecmodDB(appName, filename, dbname, module, rw);
}
Index: mozilla/security/nss/lib/softoken/sftkpars.c
Index: ./mozilla/security/nss/lib/softoken/sftkpars.c
===================================================================
RCS file: /cvsroot/mozilla/security/nss/lib/softoken/sftkpars.c,v
retrieving revision 1.11
diff -p -u -r1.11 sftkpars.c
--- mozilla/security/nss/lib/softoken/sftkpars.c 18 Jun 2010 04:09:27 -0000 1.11
+++ mozilla/security/nss/lib/softoken/sftkpars.c 2 Oct 2011 14:45:29 -0000
--- ./mozilla/security/nss/lib/softoken/sftkpars.c 18 Jun 2010 04:09:27 -0000 1.11
+++ ./mozilla/security/nss/lib/softoken/sftkpars.c 2 Oct 2011 14:45:29 -0000
@@ -607,6 +607,7 @@ sftk_getSecmodName(char *param, SDBType
char *value = NULL;
char *save_params = param;
......
--- ./mozilla/security/nss/cmd/platlibs.mk.withrpath 2007-02-19 07:17:06.000000000 +0100
+++ ./mozilla/security/nss/cmd/platlibs.mk 2007-02-19 07:18:07.000000000 +0100
--- ././mozilla/security/nss/cmd/platlibs.mk.withrpath 2007-02-19 07:17:06.000000000 +0100
+++ ././mozilla/security/nss/cmd/platlibs.mk 2007-02-19 07:18:07.000000000 +0100
@@ -52,9 +52,9 @@
ifeq ($(OS_ARCH), Linux)
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment