summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMatt A. Tobin <email@mattatobin.com>2022-04-09 03:03:10 -0500
committerMatt A. Tobin <email@mattatobin.com>2022-04-09 03:21:13 -0500
commit560e198a58ffc3b1a135e8879f7c2613e2f72bae (patch)
tree2fba61f183baf1d294c62ec9f5c433eb918d9082
parentcb30ae76259a4d4fbdae48504c73e9bc67da9cd7 (diff)
downloadaura-central-560e198a58ffc3b1a135e8879f7c2613e2f72bae.tar.gz
[NSS/SEC?] Best Guess is a reduced scope CVE-2022-1097
Bug 1745667 - Use-after-free in NSSToken objects I don't know why this bug number isn't the same as the one which ACTUALLY changed this functionality or why Moonzilla only went this far. However, it seems to work as-is but it may be reverted for a more complete patch based on the full bug changes. See also: https://hg.mozilla.org/projects/nss/rev/d7e8c2df6bcaa2d723c94659e67b033a0bdd5ab2 This also bumps the NSS Version to 3.64.1.4 where [Major].[Minor].[Aura Patch].[UXP Patch]
-rw-r--r--libs/nss/src/lib/nss/nss.h6
-rw-r--r--libs/nss/src/lib/pk11wrap/pk11auth.c9
-rw-r--r--libs/nss/src/lib/pk11wrap/pk11slot.c8
-rw-r--r--libs/nss/src/lib/softoken/softkver.h6
-rw-r--r--libs/nss/src/lib/util/nssutil.h6
5 files changed, 21 insertions, 14 deletions
diff --git a/libs/nss/src/lib/nss/nss.h b/libs/nss/src/lib/nss/nss.h
index 48f5003e1..054d9c338 100644
--- a/libs/nss/src/lib/nss/nss.h
+++ b/libs/nss/src/lib/nss/nss.h
@@ -22,11 +22,11 @@
* The format of the version string should be
* "<major version>.<minor version>[.<patch level>[.<build number>]][ <ECC>][ <Beta>]"
*/
-#define NSS_VERSION "3.64" _NSS_CUSTOMIZED
+#define NSS_VERSION "3.64.1.4" _NSS_CUSTOMIZED
#define NSS_VMAJOR 3
#define NSS_VMINOR 64
-#define NSS_VPATCH 0
-#define NSS_VBUILD 0
+#define NSS_VPATCH 1
+#define NSS_VBUILD 4
#define NSS_BETA PR_FALSE
#ifndef RC_INVOKED
diff --git a/libs/nss/src/lib/pk11wrap/pk11auth.c b/libs/nss/src/lib/pk11wrap/pk11auth.c
index c633e53f7..ad8fbad24 100644
--- a/libs/nss/src/lib/pk11wrap/pk11auth.c
+++ b/libs/nss/src/lib/pk11wrap/pk11auth.c
@@ -4,6 +4,7 @@
/*
* This file deals with PKCS #11 passwords and authentication.
*/
+#include "dev.h"
#include "seccomon.h"
#include "secmod.h"
#include "secmodi.h"
@@ -636,9 +637,11 @@ PK11_DoPassword(PK11SlotInfo *slot, CK_SESSION_HANDLE session,
break;
}
if (rv == SECSuccess) {
- if (!contextSpecific && !PK11_IsFriendly(slot)) {
- nssTrustDomain_UpdateCachedTokenCerts(slot->nssToken->trustDomain,
- slot->nssToken);
+ if (!contextSpecific && !PK11_IsFriendly(slot) && slot->nssToken) {
+ NSSToken *token = nssToken_AddRef(slot->nssToken);
+ nssTrustDomain_UpdateCachedTokenCerts(token->trustDomain,
+ token);
+ nssToken_Destroy(token);
}
} else if (!attempt)
PORT_SetError(SEC_ERROR_BAD_PASSWORD);
diff --git a/libs/nss/src/lib/pk11wrap/pk11slot.c b/libs/nss/src/lib/pk11wrap/pk11slot.c
index 2f805431d..dc2af9535 100644
--- a/libs/nss/src/lib/pk11wrap/pk11slot.c
+++ b/libs/nss/src/lib/pk11wrap/pk11slot.c
@@ -2649,8 +2649,12 @@ PK11_ResetToken(PK11SlotInfo *slot, char *sso_pwd)
PORT_SetError(PK11_MapError(crv));
return SECFailure;
}
- nssTrustDomain_UpdateCachedTokenCerts(slot->nssToken->trustDomain,
- slot->nssToken);
+ if (slot->nssToken) {
+ NSSToken *token = nssToken_AddRef(slot->nssToken);
+ nssTrustDomain_UpdateCachedTokenCerts(token->trustDomain,
+ token);
+ nssToken_Destroy(token);
+ }
return SECSuccess;
}
void
diff --git a/libs/nss/src/lib/softoken/softkver.h b/libs/nss/src/lib/softoken/softkver.h
index 828267909..88e47734d 100644
--- a/libs/nss/src/lib/softoken/softkver.h
+++ b/libs/nss/src/lib/softoken/softkver.h
@@ -17,11 +17,11 @@
* The format of the version string should be
* "<major version>.<minor version>[.<patch level>[.<build number>]][ <ECC>][ <Beta>]"
*/
-#define SOFTOKEN_VERSION "3.64" SOFTOKEN_ECC_STRING
+#define SOFTOKEN_VERSION "3.64.1.4" SOFTOKEN_ECC_STRING
#define SOFTOKEN_VMAJOR 3
#define SOFTOKEN_VMINOR 64
-#define SOFTOKEN_VPATCH 0
-#define SOFTOKEN_VBUILD 0
+#define SOFTOKEN_VPATCH 1
+#define SOFTOKEN_VBUILD 4
#define SOFTOKEN_BETA PR_FALSE
#endif /* _SOFTKVER_H_ */
diff --git a/libs/nss/src/lib/util/nssutil.h b/libs/nss/src/lib/util/nssutil.h
index 78e12a790..cb57ddd3b 100644
--- a/libs/nss/src/lib/util/nssutil.h
+++ b/libs/nss/src/lib/util/nssutil.h
@@ -19,11 +19,11 @@
* The format of the version string should be
* "<major version>.<minor version>[.<patch level>[.<build number>]][ <Beta>]"
*/
-#define NSSUTIL_VERSION "3.64"
+#define NSSUTIL_VERSION "3.64.1.4"
#define NSSUTIL_VMAJOR 3
#define NSSUTIL_VMINOR 64
-#define NSSUTIL_VPATCH 0
-#define NSSUTIL_VBUILD 0
+#define NSSUTIL_VPATCH 1
+#define NSSUTIL_VBUILD 4
#define NSSUTIL_BETA PR_FALSE
SEC_BEGIN_PROTOS