From f73f3051ac22636c2528d8091776d6528a05dde8 Mon Sep 17 00:00:00 2001
From: starlet-dx <15929766099@163.com>
Date: Tue, 27 Feb 2024 10:04:36 +0800
Subject: [PATCH] Fix CVE-2022-3479
(cherry picked from commit 82898051a86b41496bc1e6e584572b939c4c421b)
---
CVE-2022-3479.patch | 61 +++++++++++++++++++++++++++++++++++++++++++++
firefox.spec | 7 +++++-
2 files changed, 67 insertions(+), 1 deletion(-)
create mode 100644 CVE-2022-3479.patch
diff --git a/CVE-2022-3479.patch b/CVE-2022-3479.patch
new file mode 100644
index 0000000..efec561
--- /dev/null
+++ b/CVE-2022-3479.patch
@@ -0,0 +1,61 @@
+
+# HG changeset patch
+# User Robert Relyea
+# Date 1670534238 28800
+# Node ID a7f363511333b8062945557607691002fd6e40b9
+# Parent 89a562b7cf3d3c501ee49143e0b12c7d0f330a69
+Bug 1774654 tstclnt crashes when accessing gnutls server without a user cert in the database.
+
+The filter functions do not handle NULL CERTCertLists, but CERT_FindUserCertsByUsage can return a NULL cert list. If it returns a NULL list, we should just
+fail at the point (there are no certs available).
+
+Differential Revision: https://phabricator.services.mozilla.com/D164273
+
+Origin: https://hg.mozilla.org/projects/nss/rev/a7f363511333b8062945557607691002fd6e40b9
+
+diff --git a/security/nss/lib/ssl/authcert.c b/security/nss/lib/ssl/authcert.c
+--- a/security/nss/lib/ssl/authcert.c
++++ b/security/nss/lib/ssl/authcert.c
+@@ -201,36 +201,36 @@ NSS_GetClientAuthData(void *arg,
+
+ /* otherwise look through the cache based on usage
+ * if chosenNickname is set, we ignore the expiration date */
+ if (certList == NULL) {
+ certList = CERT_FindUserCertsByUsage(CERT_GetDefaultCertDB(),
+ certUsageSSLClient,
+ PR_FALSE, chosenNickName == NULL,
+ pw_arg);
++ if (certList == NULL) {
++ return SECFailure;
++ }
+ /* filter only the certs that meet the nickname requirements */
+ if (chosenNickName) {
+ rv = CERT_FilterCertListByNickname(certList, chosenNickName,
+ pw_arg);
+ } else {
+ int nnames = 0;
+ char **names = ssl_DistNamesToStrings(caNames, &nnames);
+ rv = CERT_FilterCertListByCANames(certList, nnames, names,
+ certUsageSSLClient);
+ ssl_FreeDistNamesStrings(names, nnames);
+ }
+ if ((rv != SECSuccess) || CERT_LIST_EMPTY(certList)) {
+ CERT_DestroyCertList(certList);
+- certList = NULL;
++ return SECFailure;
+ }
+ }
+- if (certList == NULL) {
+- /* no user certs meeting the nickname/usage requirements found */
+- return SECFailure;
+- }
++
+ /* now remove any certs that can't meet the connection requirements */
+ rv = ssl_FilterClientCertListBySSLSocket(ss, certList);
+ if
((rv != SECSuccess) || CERT_LIST_EMPTY(certList)) {
+ // no certs left.
+ CERT_DestroyCertList(certList);
+ return SECFailure;
+ }
+
+
diff --git a/firefox.spec b/firefox.spec
index fa87530..3545597 100644
--- a/firefox.spec
+++ b/firefox.spec
@@ -148,7 +148,7 @@ Summary: Mozilla Firefox Web browser Name: firefox Version: 102.15.0 -Release: 4 +Release: 5 URL: https://www.mozilla.org/firefox/ License: MPLv1.1 or GPLv2+ or LGPLv2+
@@ -244,6 +244,7 @@ Patch428: CVE-2023-4863-2.patch # https://hg.mozilla.org/mozilla-central/raw-rev/c53f5ef77b62b79af86951a7f9130e1896b695d2 Patch429: CVE-2023-5217.patch Patch430: CVE-2023-7104.patch +Patch431: CVE-2022-3479.patch # PGO/LTO patches Patch600: pgo.patch
@@ -541,6 +542,7 @@ to run Firefox explicitly on X11. %patch428 -p1 %patch429 -p1 %patch430 -p1 +%patch431 -p1 # PGO patches %if %{build_with_pgo}
@@ -1135,6 +1137,9 @@ gtk-update-icon-cache %{_datadir}/icons/hicolor &>/dev/null || : %endif %changelog +* Tue Feb 27 2024 yaoxin - 102.15.0-5 +- Fix CVE-2022-3479 + * Tue Jan 02 2024 wangkai <13474090681@163.com> - 102.15.0-4 - Fix CVE-2023-7104 -- Gitee
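Review bot: The new `if (certList == NULL) { return SECFailure; }` guard after `CERT_FindUserCertsByUsage` in the embedded authcert.c hunk carries no comment, and the same patch deletes the only one that explained this exit (`/* no user certs meeting the nickname/usage requirements found */`). I would add `/* no user certs for this usage; the filter functions below do not handle a NULL list */` above the guard so it is not later removed as redundant. NSS_GetClientAuthData starts and ends outside the hunk, so it cannot be confirmed from here that nothing acquired earlier needs releasing before the two new early returns. The patch also only touches the NSS copy bundled under `security/nss`; if this spec builds Firefox against the system NSS library, the NULL-list crash would have to be fixed in the nss package as well, which is worth checking before relying on this release.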