diff options
| author | rsleevi@chromium.org <rsleevi@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2013-11-02 01:59:36 +0000 |
|---|---|---|
| committer | rsleevi@chromium.org <rsleevi@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2013-11-02 01:59:36 +0000 |
| commit | aea012e2b3ef338cbbe4ef157bdb8469176f16b3 (patch) | |
| tree | 430e3b3a000634bbe5a942cb28e68ccb8862e9f5 /net/third_party | |
| parent | ad94f720552aa136a5fee4e936886b80924abf05 (diff) | |
| download | chromium_src-aea012e2b3ef338cbbe4ef157bdb8469176f16b3.zip chromium_src-aea012e2b3ef338cbbe4ef157bdb8469176f16b3.tar.gz chromium_src-aea012e2b3ef338cbbe4ef157bdb8469176f16b3.tar.bz2 | |
Include a fix for NSS bug 934016
BUG=314225
R=wtc@chromium.org, wtc
Review URL: https://codereview.chromium.org/52713015
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@232552 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'net/third_party')
| -rw-r--r-- | net/third_party/nss/README.chromium | 4 | ||||
| -rwxr-xr-x | net/third_party/nss/patches/applypatches.sh | 2 | ||||
| -rw-r--r-- | net/third_party/nss/patches/nullcipher_934016.patch | 16 | ||||
| -rw-r--r-- | net/third_party/nss/ssl/ssl3con.c | 5 |
4 files changed, 27 insertions, 0 deletions
diff --git a/net/third_party/nss/README.chromium b/net/third_party/nss/README.chromium index 0e6ef5b..4a0f2d3 100644 --- a/net/third_party/nss/README.chromium +++ b/net/third_party/nss/README.chromium @@ -135,6 +135,10 @@ Patches: https://bugzilla.mozilla.org/show_bug.cgi?id=713933 patches/canfalsestart.patch + * Have the Null Cipher limit output to the maximum allowed + https://bugzilla.mozilla.org/show_bug.cgi?id=934016 + patches/nullcipher_934016.patch + Apply the patches to NSS by running the patches/applypatches.sh script. Read the comments at the top of patches/applypatches.sh for instructions. diff --git a/net/third_party/nss/patches/applypatches.sh b/net/third_party/nss/patches/applypatches.sh index ec96d22..947cf5e 100755 --- a/net/third_party/nss/patches/applypatches.sh +++ b/net/third_party/nss/patches/applypatches.sh @@ -63,3 +63,5 @@ patch -p4 < $patches_dir/ciphersuiteversion.patch patch -p4 < $patches_dir/peercertchain2.patch patch -p4 < $patches_dir/canfalsestart.patch + +patch -p4 < $patches_dir/nullcipher_934016.patch diff --git a/net/third_party/nss/patches/nullcipher_934016.patch b/net/third_party/nss/patches/nullcipher_934016.patch new file mode 100644 index 0000000..6a4b5c6 --- /dev/null +++ b/net/third_party/nss/patches/nullcipher_934016.patch @@ -0,0 +1,16 @@ +diff --git a/net/third_party/nss/ssl/ssl3con.c b/net/third_party/nss/ssl/ssl3con.c +index 8395f61..8b8b758 100644 +--- a/net/third_party/nss/ssl/ssl3con.c ++++ b/net/third_party/nss/ssl/ssl3con.c +@@ -859,6 +859,11 @@ static SECStatus + Null_Cipher(void *ctx, unsigned char *output, int *outputLen, int maxOutputLen, + const unsigned char *input, int inputLen) + { ++ if (inputLen > maxOutputLen) { ++ *outputLen = 0; /* Match PK11_CipherOp in setting outputLen */ ++ PORT_SetError(SEC_ERROR_OUTPUT_LEN); ++ return SECFailure; ++ } + *outputLen = inputLen; + if (input != output) + PORT_Memcpy(output, input, inputLen); diff --git a/net/third_party/nss/ssl/ssl3con.c b/net/third_party/nss/ssl/ssl3con.c index 8395f61..8b8b758 100644 --- a/net/third_party/nss/ssl/ssl3con.c +++ b/net/third_party/nss/ssl/ssl3con.c @@ -859,6 +859,11 @@ static SECStatus Null_Cipher(void *ctx, unsigned char *output, int *outputLen, int maxOutputLen, const unsigned char *input, int inputLen) { + if (inputLen > maxOutputLen) { + *outputLen = 0; /* Match PK11_CipherOp in setting outputLen */ + PORT_SetError(SEC_ERROR_OUTPUT_LEN); + return SECFailure; + } *outputLen = inputLen; if (input != output) PORT_Memcpy(output, input, inputLen); |