authorwtc@chromium.org <wtc@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2013-05-06 17:55:57 +0000
committerwtc@chromium.org <wtc@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2013-05-06 17:55:57 +0000
commit86303cee3cce32585ebb773c3693fb8af6f4976e (patch)
treef166a8f14fbe2a4d04e527be546fea88d161dc41 /net/third_party
parentec67bc8a0af2b0f7b4395602c21e8d2097fdc489 (diff)
Fix bugs in the code in ssl3_HandleHandshakeMessage that handles a
CertificateStatus message. The patch has been reviewed in the NSS bug report: https://bugzilla.mozilla.org/show_bug.cgi?id=867795#c5 https://bugzilla.mozilla.org/show_bug.cgi?id=867795#c16 https://bugzilla.mozilla.org/show_bug.cgi?id=867795#c19 TBR=rsleevi@chromium.org BUG=233732 TEST=none Review URL: https://chromiumcodereview.appspot.com/14722009 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@198479 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'net/third_party')
-rw-r--r--net/third_party/nss/README.chromium5
-rwxr-xr-xnet/third_party/nss/patches/applypatches.sh2
-rw-r--r--net/third_party/nss/patches/handlecertstatus.patch64
-rw-r--r--net/third_party/nss/ssl/ssl3con.c46
4 files changed, 99 insertions, 18 deletions
diff --git a/net/third_party/nss/README.chromium b/net/third_party/nss/README.chromium
index 55b3ec6..da795cd 100644
--- a/net/third_party/nss/README.chromium
+++ b/net/third_party/nss/README.chromium
@@ -95,6 +95,11 @@ Patches:
patches/unusedvariables.patch
https://bugzilla.mozilla.org/show_bug.cgi?id=866949
+ * Fix bugs in the code in ssl3_HandleHandshakeMessage that handles a
+ CertificateStatus message.
+ patches/handlecertstatus.patch
+ https://bugzilla.mozilla.org/show_bug.cgi?id=867795
+
Apply the patches to NSS by running the patches/applypatches.sh script. Read
the comments at the top of patches/applypatches.sh for instructions.
diff --git a/net/third_party/nss/patches/applypatches.sh b/net/third_party/nss/patches/applypatches.sh
index e90b14d..00f9449 100755
--- a/net/third_party/nss/patches/applypatches.sh
+++ b/net/third_party/nss/patches/applypatches.sh
@@ -45,3 +45,5 @@ patch -p4 < $patches_dir/suitebonly.patch
patch -p4 < $patches_dir/secitemarray.patch
patch -p4 < $patches_dir/unusedvariables.patch
+
+patch -p4 < $patches_dir/handlecertstatus.patch
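Review bot: The new `patch -p4 < $patches_dir/handlecertstatus.patch` line has no failure handling, so if the hunk is rejected against a newer NSS drop the script carries on and the tree is left without this handshake fix while looking fully patched. Unless the script header (outside this hunk) already runs under `set -e`, I would write it as `patch -p4 < "$patches_dir/handlecertstatus.patch" || exit 1`, quoting the path as well. The surrounding lines share the same style, so this is as much a pre-existing gap as a new one, but a security-relevant patch is the one worth not losing silently.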
diff --git a/net/third_party/nss/patches/handlecertstatus.patch b/net/third_party/nss/patches/handlecertstatus.patch
new file mode 100644
index 0000000..48ddfdb
--- /dev/null
+++ b/net/third_party/nss/patches/handlecertstatus.patch
@@ -0,0 +1,64 @@
+diff -pu a/nss/lib/ssl/ssl3con.c b/nss/lib/ssl/ssl3con.c
+--- a/nss/lib/ssl/ssl3con.c 2013-05-04 11:26:17.636818185 -0700
++++ b/nss/lib/ssl/ssl3con.c 2013-05-04 11:24:00.074886386 -0700
+@@ -9952,21 +9952,31 @@ ssl3_HandleHandshakeMessage(sslSocket *s
+ * get one when it is allowed, but otherwise we just carry on.
+ */
+ if (ss->ssl3.hs.ws == wait_certificate_status) {
+- /* We must process any CertificateStatus message before we call
+- * ssl3_AuthCertificate, as ssl3_AuthCertificate needs any stapled OCSP
+- * response we get.
+- */
+- if (ss->ssl3.hs.msg_type == certificate_status) {
+- rv = ssl3_HandleCertificateStatus(ss, b, length);
+- if (rv != SECSuccess)
+- return rv;
+- }
++ /* We must process any CertificateStatus message before we call
++ * ssl3_AuthCertificate, as ssl3_AuthCertificate needs any stapled
++ * OCSP response we get.
++ */
++ if (ss->ssl3.hs.msg_type == certificate_status) {
++ rv = ssl3_HandleCertificateStatus(ss, b, length);
++ if (rv != SECSuccess)
++ return rv;
++ if (IS_DTLS(ss)) {
++ /* Increment the expected sequence number */
++ ss->ssl3.hs.recvMessageSeq++;
++ }
++ }
+
+- /* Regardless of whether we got a CertificateStatus message, we must
+- * authenticate the cert before we handle any more handshake messages.
+- */
+- rv = ssl3_AuthCertificate(ss); /* sets ss->ssl3.hs.ws */
+- } else switch (ss->ssl3.hs.msg_type) {
++ /* Regardless of whether we got a CertificateStatus message, we must
++ * authenticate the cert before we handle any more handshake messages.
++ */
++ rv = ssl3_AuthCertificate(ss); /* sets ss->ssl3.hs.ws */
++ PORT_Assert(rv != SECWouldBlock);
++ if (rv != SECSuccess || ss->ssl3.hs.msg_type == certificate_status) {
++ return rv;
++ }
++ }
++
++ switch (ss->ssl3.hs.msg_type) {
+ case hello_request:
+ if (length != 0) {
+ (void)ssl3_DecodeError(ss);
+@@ -10008,10 +10018,10 @@ ssl3_HandleHandshakeMessage(sslSocket *s
+ rv = ssl3_HandleCertificate(ss, b, length);
+ break;
+ case certificate_status:
+- /* The good case is handled above */
+- PORT_SetError(SSL_ERROR_RX_UNEXPECTED_CERT_STATUS);
+- rv = SECFailure;
+- break;
++ /* The good case is handled above */
++ (void)SSL3_SendAlert(ss, alert_fatal, unexpected_message);
++ PORT_SetError(SSL_ERROR_RX_UNEXPECTED_CERT_STATUS);
++ return SECFailure;
+ case server_key_exchange:
+ if (ss->sec.isServer) {
+ (void)SSL3_SendAlert(ss, alert_fatal, unexpected_message);
diff --git a/net/third_party/nss/ssl/ssl3con.c b/net/third_party/nss/ssl/ssl3con.c
index 2ac155f..5e149e0 100644
--- a/net/third_party/nss/ssl/ssl3con.c
+++ b/net/third_party/nss/ssl/ssl3con.c
@@ -9952,21 +9952,31 @@ ssl3_HandleHandshakeMessage(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
* get one when it is allowed, but otherwise we just carry on.
*/
if (ss->ssl3.hs.ws == wait_certificate_status) {
- /* We must process any CertificateStatus message before we call
- * ssl3_AuthCertificate, as ssl3_AuthCertificate needs any stapled OCSP
- * response we get.
- */
- if (ss->ssl3.hs.msg_type == certificate_status) {
- rv = ssl3_HandleCertificateStatus(ss, b, length);
- if (rv != SECSuccess)
- return rv;
- }
+ /* We must process any CertificateStatus message before we call
+ * ssl3_AuthCertificate, as ssl3_AuthCertificate needs any stapled
+ * OCSP response we get.
+ */
+ if (ss->ssl3.hs.msg_type == certificate_status) {
+ rv = ssl3_HandleCertificateStatus(ss, b, length);
+ if (rv != SECSuccess)
+ return rv;
+ if (IS_DTLS(ss)) {
+ /* Increment the expected sequence number */
+ ss->ssl3.hs.recvMessageSeq++;
+ }
+ }
- /* Regardless of whether we got a CertificateStatus message, we must
- * authenticate the cert before we handle any more handshake messages.
- */
- rv = ssl3_AuthCertificate(ss); /* sets ss->ssl3.hs.ws */
- } else switch (ss->ssl3.hs.msg_type) {
+ /* Regardless of whether we got a CertificateStatus message, we must
+ * authenticate the cert before we handle any more handshake messages.
+ */
+ rv = ssl3_AuthCertificate(ss); /* sets ss->ssl3.hs.ws */
+ PORT_Assert(rv != SECWouldBlock);
+ if (rv != SECSuccess || ss->ssl3.hs.msg_type == certificate_status) {
+ return rv;
+ }
+ }
+
+ switch (ss->ssl3.hs.msg_type) {
case hello_request:
if (length != 0) {
(void)ssl3_DecodeError(ss);
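Review bot: The DTLS increment of `ss->ssl3.hs.recvMessageSeq` runs before ssl3_AuthCertificate is called, so when authentication then fails the expected sequence number has already been advanced for a message the handshake did not accept. If the function's tail (outside this hunk) increments only on a non-failure rv, this early-return path now behaves differently from every other message type; moving the increment after the rv check keeps the two paths consistent. The practical impact is presumably nil because a failed ssl3_AuthCertificate aborts the handshake, but the ordering is worth making explicit rather than incidental. ssl3_HandleHandshakeMessage starts before and continues after this hunk.
```c
	if (ss->ssl3.hs.msg_type == certificate_status) {
	    rv = ssl3_HandleCertificateStatus(ss, b, length);
	    if (rv != SECSuccess)
		return rv;
	}
	/* … unchanged: comment, ssl3_AuthCertificate call, PORT_Assert … */
	if (rv != SECSuccess) {
	    return rv;
	}
	if (ss->ssl3.hs.msg_type == certificate_status) {
	    if (IS_DTLS(ss)) {
		/* Advance the expected sequence number only once the
		 * CertificateStatus message has been fully accepted. */
		ss->ssl3.hs.recvMessageSeq++;
	    }
	    return SECSuccess;
	}
```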
@@ -10008,10 +10018,10 @@ ssl3_HandleHandshakeMessage(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
rv = ssl3_HandleCertificate(ss, b, length);
break;
case certificate_status:
- /* The good case is handled above */
- PORT_SetError(SSL_ERROR_RX_UNEXPECTED_CERT_STATUS);
- rv = SECFailure;
- break;
+ /* The good case is handled above */
+ (void)SSL3_SendAlert(ss, alert_fatal, unexpected_message);
+ PORT_SetError(SSL_ERROR_RX_UNEXPECTED_CERT_STATUS);
+ return SECFailure;
case server_key_exchange:
if (ss->sec.isServer) {
(void)SSL3_SendAlert(ss, alert_fatal, unexpected_message);
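Review bot: The comment `/* The good case is handled above */` on the certificate_status case is now load-bearing, because the switch is also entered from the wait_certificate_status block whenever the message is something else; the case is correct only because that block returns for every CertificateStatus it processes (`if (rv != SECSuccess || ss->ssl3.hs.msg_type == certificate_status) return rv;` earlier in the function). I would make that dependency explicit: `/* Only reached when ws != wait_certificate_status: the block above returns for every CertificateStatus it processes, so one arriving here is out of order and fatal. */`. Sending the fatal unexpected_message alert before setting the error matches the server_key_exchange case directly below. The switch and the enclosing function continue outside the hunk.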