diff options
author | Matt A. Tobin <email@mattatobin.com> | 2022-04-09 03:03:10 -0500 |
---|---|---|
committer | Matt A. Tobin <email@mattatobin.com> | 2022-04-09 03:21:13 -0500 |
commit | 560e198a58ffc3b1a135e8879f7c2613e2f72bae (patch) | |
tree | 2fba61f183baf1d294c62ec9f5c433eb918d9082 | |
parent | cb30ae76259a4d4fbdae48504c73e9bc67da9cd7 (diff) | |
download | aura-central-560e198a58ffc3b1a135e8879f7c2613e2f72bae.tar.gz |
[NSS/SEC?] Best Guess is a reduced scope CVE-2022-1097
Bug 1745667 - Use-after-free in NSSToken objects
I don't know why this bug number isn't the same as the one which ACTUALLY changed this functionality or why Moonzilla only went this far. However, it seems to work as-is but it may be reverted for a more complete patch based on the full bug changes.
See also: https://hg.mozilla.org/projects/nss/rev/d7e8c2df6bcaa2d723c94659e67b033a0bdd5ab2
This also bumps the NSS Version to 3.64.1.4 where [Major].[Minor].[Aura Patch].[UXP Patch]
-rw-r--r-- | libs/nss/src/lib/nss/nss.h | 6 | ||||
-rw-r--r-- | libs/nss/src/lib/pk11wrap/pk11auth.c | 9 | ||||
-rw-r--r-- | libs/nss/src/lib/pk11wrap/pk11slot.c | 8 | ||||
-rw-r--r-- | libs/nss/src/lib/softoken/softkver.h | 6 | ||||
-rw-r--r-- | libs/nss/src/lib/util/nssutil.h | 6 |
5 files changed, 21 insertions, 14 deletions
diff --git a/libs/nss/src/lib/nss/nss.h b/libs/nss/src/lib/nss/nss.h index 48f5003e1..054d9c338 100644 --- a/libs/nss/src/lib/nss/nss.h +++ b/libs/nss/src/lib/nss/nss.h @@ -22,11 +22,11 @@ * The format of the version string should be * "<major version>.<minor version>[.<patch level>[.<build number>]][ <ECC>][ <Beta>]" */ -#define NSS_VERSION "3.64" _NSS_CUSTOMIZED +#define NSS_VERSION "3.64.1.4" _NSS_CUSTOMIZED #define NSS_VMAJOR 3 #define NSS_VMINOR 64 -#define NSS_VPATCH 0 -#define NSS_VBUILD 0 +#define NSS_VPATCH 1 +#define NSS_VBUILD 4 #define NSS_BETA PR_FALSE #ifndef RC_INVOKED diff --git a/libs/nss/src/lib/pk11wrap/pk11auth.c b/libs/nss/src/lib/pk11wrap/pk11auth.c index c633e53f7..ad8fbad24 100644 --- a/libs/nss/src/lib/pk11wrap/pk11auth.c +++ b/libs/nss/src/lib/pk11wrap/pk11auth.c @@ -4,6 +4,7 @@ /* * This file deals with PKCS #11 passwords and authentication. */ +#include "dev.h" #include "seccomon.h" #include "secmod.h" #include "secmodi.h" @@ -636,9 +637,11 @@ PK11_DoPassword(PK11SlotInfo *slot, CK_SESSION_HANDLE session, break; } if (rv == SECSuccess) { - if (!contextSpecific && !PK11_IsFriendly(slot)) { - nssTrustDomain_UpdateCachedTokenCerts(slot->nssToken->trustDomain, - slot->nssToken); + if (!contextSpecific && !PK11_IsFriendly(slot) && slot->nssToken) { + NSSToken *token = nssToken_AddRef(slot->nssToken); + nssTrustDomain_UpdateCachedTokenCerts(token->trustDomain, + token); + nssToken_Destroy(token); } } else if (!attempt) PORT_SetError(SEC_ERROR_BAD_PASSWORD); diff --git a/libs/nss/src/lib/pk11wrap/pk11slot.c b/libs/nss/src/lib/pk11wrap/pk11slot.c index 2f805431d..dc2af9535 100644 --- a/libs/nss/src/lib/pk11wrap/pk11slot.c +++ b/libs/nss/src/lib/pk11wrap/pk11slot.c @@ -2649,8 +2649,12 @@ PK11_ResetToken(PK11SlotInfo *slot, char *sso_pwd) PORT_SetError(PK11_MapError(crv)); return SECFailure; } - nssTrustDomain_UpdateCachedTokenCerts(slot->nssToken->trustDomain, - slot->nssToken); + if (slot->nssToken) { + NSSToken *token = nssToken_AddRef(slot->nssToken); + nssTrustDomain_UpdateCachedTokenCerts(token->trustDomain, + token); + nssToken_Destroy(token); + } return SECSuccess; } void diff --git a/libs/nss/src/lib/softoken/softkver.h b/libs/nss/src/lib/softoken/softkver.h index 828267909..88e47734d 100644 --- a/libs/nss/src/lib/softoken/softkver.h +++ b/libs/nss/src/lib/softoken/softkver.h @@ -17,11 +17,11 @@ * The format of the version string should be * "<major version>.<minor version>[.<patch level>[.<build number>]][ <ECC>][ <Beta>]" */ -#define SOFTOKEN_VERSION "3.64" SOFTOKEN_ECC_STRING +#define SOFTOKEN_VERSION "3.64.1.4" SOFTOKEN_ECC_STRING #define SOFTOKEN_VMAJOR 3 #define SOFTOKEN_VMINOR 64 -#define SOFTOKEN_VPATCH 0 -#define SOFTOKEN_VBUILD 0 +#define SOFTOKEN_VPATCH 1 +#define SOFTOKEN_VBUILD 4 #define SOFTOKEN_BETA PR_FALSE #endif /* _SOFTKVER_H_ */ diff --git a/libs/nss/src/lib/util/nssutil.h b/libs/nss/src/lib/util/nssutil.h index 78e12a790..cb57ddd3b 100644 --- a/libs/nss/src/lib/util/nssutil.h +++ b/libs/nss/src/lib/util/nssutil.h @@ -19,11 +19,11 @@ * The format of the version string should be * "<major version>.<minor version>[.<patch level>[.<build number>]][ <Beta>]" */ -#define NSSUTIL_VERSION "3.64" +#define NSSUTIL_VERSION "3.64.1.4" #define NSSUTIL_VMAJOR 3 #define NSSUTIL_VMINOR 64 -#define NSSUTIL_VPATCH 0 -#define NSSUTIL_VBUILD 0 +#define NSSUTIL_VPATCH 1 +#define NSSUTIL_VBUILD 4 #define NSSUTIL_BETA PR_FALSE SEC_BEGIN_PROTOS |