Fix crash in tls13_DestroyKeyShares

https://bugzilla.mozilla.org/show_bug.cgi?id=1342358
2017-03-16 13:19:37 +01:00 · 2017-03-16 13:19:37 +01:00 · 51ea22c0ae
parent 59d6576ae3
commit 51ea22c0ae
2 changed files with 62 additions and 1 deletions
--- a/nss-init-extension-data-early.patch
+++ b/nss-init-extension-data-early.patch
@ -0,0 +1,55 @@
+# HG changeset patch
+# User Tim Taubert <ttaubert@mozilla.com>
+# Date 1488574640 -3600
+#      Fri Mar 03 21:57:20 2017 +0100
+# Branch NSS_3_28_BRANCH
+# Node ID b8145d465ad4086439c4e52df434d9046949127a
+# Parent  3b9ccd6b37c7242f69404fa4a444b43efb12e319
+Bug 1342358 - Make sure xtnData->remoteKeyShares was initialized before calling tls13_DestroyKeyShares() r=franziskus
+
+Differential Revision: https://nss-review.dev.mozaws.net/D234
+
+diff --git a/lib/ssl/ssl3con.c b/lib/ssl/ssl3con.c
+--- a/lib/ssl/ssl3con.c
+++ b/lib/ssl/ssl3con.c
+@@ -13294,8 +13294,6 @@ ssl3_DestroySSL3Info(sslSocket *ss)
+     tls13_DestroyEarlyData(&ss->ssl3.hs.bufferedEarlyData);
+ 
+     ss->ssl3.initialized = PR_FALSE;
+-
+-    SECITEM_FreeItem(&ss->xtnData.nextProto, PR_FALSE);
+ }
+ 
+ #define MAP_NULL(x) (((x) != 0) ? (x) : SEC_OID_NULL_CIPHER)
+diff --git a/lib/ssl/sslsock.c b/lib/ssl/sslsock.c
+--- a/lib/ssl/sslsock.c
+++ b/lib/ssl/sslsock.c
+@@ -3704,6 +3704,7 @@ ssl_NewSocket(PRBool makeLocks, SSLProto
+     PR_INIT_CLIST(&ss->ssl3.hs.lastMessageFlight);
+     PR_INIT_CLIST(&ss->ssl3.hs.cipherSpecs);
+     PR_INIT_CLIST(&ss->ssl3.hs.bufferedEarlyData);
+    ssl3_InitExtensionData(&ss->xtnData);
+     if (makeLocks) {
+         rv = ssl_MakeLocks(ss);
+         if (rv != SECSuccess)
+@@ -3715,7 +3716,6 @@ ssl_NewSocket(PRBool makeLocks, SSLProto
+     rv = ssl3_InitGather(&ss->gs);
+     if (rv != SECSuccess)
+         goto loser;
+-    ssl3_InitExtensionData(&ss->xtnData);
+     return ss;
+ 
+ loser:
+diff --git a/lib/ssl/tls13con.c b/lib/ssl/tls13con.c
+--- a/lib/ssl/tls13con.c
+++ b/lib/ssl/tls13con.c
+@@ -2853,6 +2853,9 @@ tls13_DestroyKeyShares(PRCList *list)
+ {
+     PRCList *cur_p;
+ 
+    /* The list must be initialized. */
+    PORT_Assert(PR_LIST_HEAD(list));
+
+     while (!PR_CLIST_IS_EMPTY(list)) {
+         cur_p = PR_LIST_TAIL(list);
+         PR_REMOVE_LINK(cur_p);
--- a/nss.spec
+++ b/nss.spec
@ -21,7 +21,7 @@ Name:             nss
 Version:          3.28.3
 # for Rawhide, please always use release >= 2
 # for Fedora release branches, please use release < 2 (1.0, 1.1, ...)
-Release:          1.0%{?dist}
+Release:          1.1%{?dist}
 License:          MPLv2.0
 URL:              http://www.mozilla.org/projects/security/pki/nss/
 Group:            System Environment/Libraries
@ -112,6 +112,8 @@ Patch58: rhbz1185708-enable-ecc-3des-ciphers-by-default.patch
 Patch59: nss-check-policy-file.patch
 # Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=1280846
 Patch62: nss-skip-util-gtest.patch
+# Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=1342358
+Patch63: nss-init-extension-data-early.patch

 %description
 Network Security Services (NSS) is a set of libraries designed to
@ -195,6 +197,7 @@ low level services.
 pushd nss
 %patch59 -p1 -b .check_policy_file
 %patch62 -p0 -b .skip_util_gtest
+%patch63 -p1 -b .init_extension_data_early
 popd

 #########################################################
@ -803,6 +806,9 @@ fi


 %changelog
+* Thu Mar 16 2017 Daiki Ueno <dueno@redhat.com> - 3.28.3-1.1
+- Fix crash in tls13_DestroyKeyShares
+
 * Tue Feb 21 2017 Daiki Ueno <dueno@redhat.com> - 3.28.3-1.0
 - Rebase to NSS 3.28.3