From ae712963441add93db4e814728f7d15515e8b9e4 Mon Sep 17 00:00:00 2001
From: z30023234
Date: Thu, 25 May 2023 21:28:38 +0800
Subject: [PATCH] fix Bug 1749475 - Avoid undefined shift in SSL_CERT_IS while fuzzing. r=nss-reviewers,mt
---
 ...d-shift-in-SSL_CERT_IS-while-fuzzing.patch | 32 +++++++++++++++++++
 nss.spec | 11 +++++--
 2 files changed, 40 insertions(+), 3 deletions(-)
 create mode 100644 backport-Bug-1749475-Avoid-undefined-shift-in-SSL_CERT_IS-while-fuzzing.patch
diff --git a/backport-Bug-1749475-Avoid-undefined-shift-in-SSL_CERT_IS-while-fuzzing.patch b/backport-Bug-1749475-Avoid-undefined-shift-in-SSL_CERT_IS-while-fuzzing.patch
new file mode 100644
index 0000000..5b5d5c5
--- /dev/null
+++ b/backport-Bug-1749475-Avoid-undefined-shift-in-SSL_CERT_IS-while-fuzzing.patch
@@ -0,0 +1,32 @@
+From f371f1384fa063007513bfb8e0a3966736968c84 Mon Sep 17 00:00:00 2001
+From: "John M. Schanck"
+Date: Wed, 19 Jan 2022 14:13:38 +0000
+Subject: [PATCH] Bug 1749475 - Avoid undefined shift in SSL_CERT_IS while fuzzing.
+ r=nss-reviewers,mt
+
+Differential Revision: https://phabricator.services.mozilla.com/D135731
+
+---
+ lib/ssl/sslcert.c | 5 +++++
+ 1 files changed, 5 insertions(+), 0 deletions(-)
+
+diff --git a/lib/ssl/sslcert.c b/lib/ssl/sslcert.c
+--- a/lib/ssl/sslcert.c
++++ b/lib/ssl/sslcert.c
+@@ -203,10 +203,15 @@
+ ssl_FindServerCert(const sslSocket *ss, SSLAuthType authType,
+ const sslNamedGroupDef *namedCurve)
+ {
+ PRCList *cursor;
+
++ /* Bug 1749475: avoid UB while fuzzing session tickets */
++ if ((unsigned)authType >= ssl_auth_size) {
++ return NULL;
++ }
++
+ for (cursor = PR_NEXT_LINK(&ss->serverCerts);
+ cursor != &ss->serverCerts;
+ cursor = PR_NEXT_LINK(cursor)) {
+ sslServerCert *cert = (sslServerCert *)cursor;
+ if (!SSL_CERT_IS(cert, authType)) {
+
diff --git a/nss.spec b/nss.spec
index 5970192..5aade03 100644
--- a/nss.spec
+++ b/nss.spec
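Review bot: The new range check in ssl_FindServerCert guards only this one caller of SSL_CERT_IS. The hunk shows neither the macro nor the place where authType is read from the session ticket, so any other call site that passes a deserialized authType would presumably still reach the shift unchecked. Rejecting out-of-range values where the ticket is parsed, in addition to this guard, would keep the invariant in one place. The comment should name the hazard rather than the test setup, e.g. `/* Bug 1749475: SSL_CERT_IS shifts by authType; reject values outside [0, ssl_auth_size) before the loop. */`, because the check has no build guard in the hunk and so runs outside fuzzing builds too. The function body continues past the end of the hunk.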
@@ -14,7 +14,7 @@
 Summary: Network Security Services
 Name: nss
 Version: %{nss_version}
-Release: 5
+Release: 6
 License: MPLv2.0
 URL: http://www.mozilla.org/projects/security/pki/nss/
 Provides: nss-system-init
@@ -41,8 +41,9 @@ Source15: system-pkcs11.txt
 Source16: setup-nsssysinit.sh
 Patch0: nss-539183.patch
 Patch1: backport-Bug-1753315-Add-SECMOD_LockedModuleHasRemovableSlots.patch
+Patch2: backport-CVE-2021-43527.patch
+Patch3: backport-Bug-1749475-Avoid-undefined-shift-in-SSL_CERT_IS-while-fuzzing.patch
-Patch6000: backport-CVE-2021-43527.patch
 Patch6001: nss-3.72-sw.patch
 %description
@@ -129,7 +130,8 @@ Help document for NSS
 %patch0 -p0 -b .539183
 pushd nss
 %patch1 -p1
-%patch6000 -p1
+%patch2 -p1
+%patch3 -p1
 popd
 %patch6001 -p1
@@ -559,6 +561,9 @@ update-crypto-policies &>/dev/null||:
 %doc %{_mandir}/man*
 %changelog
+* Thu May 25 2023 zhengxiaoxiao - 3.72.0-6
+- fix Bug 1749475 - Avoid undefined shift in SSL_CERT_IS while fuzzing. r=nss-reviewers,mt
+
 * Tue Apr 18 2023 jinlun - 3.72.0-5
 - Add SECMOD_LockedModuleHasRemovableSlots to fix firefox and update version.
-- Gitee