summary refs log tree commit diff
path: root/gnu/packages/patches/nss-CVE-2019-11745.patch
blob: ae0eeda3c84de6cb15589f4b0e149f62288f59b0 (plain) (blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
Fix CVE-2019-11745 (Out-of-bounds write when passing an output buffer smaller
than the block size to NSC_EncryptUpdate).

Copied from Debian, equivalent to upstream fix:
<https://hg.mozilla.org/projects/nss/rev/1e22a0c93afe9f46545560c86caedef9dab6cfda>.

# HG changeset patch
# User Craig Disselkoen <cdisselk@cs.ucsd.edu>
# Date 1574189697 25200
# Node ID 60bca7c6dc6dc44579b9b3e0fb62ca3b82d92eec
# Parent  64e55c9f658e2a75f0835d00a8a1cdc2f25c74d6
Bug 1586176 - EncryptUpdate should use maxout not block size. r=franziskus

--- a/nss/lib/softoken/pkcs11c.c
+++ b/nss/lib/softoken/pkcs11c.c
@@ -1285,7 +1285,7 @@ NSC_EncryptUpdate(CK_SESSION_HANDLE hSes
             }
             /* encrypt the current padded data */
             rv = (*context->update)(context->cipherInfo, pEncryptedPart,
-                                    &padoutlen, context->blockSize, context->padBuf,
+                                    &padoutlen, maxout, context->padBuf,
                                     context->blockSize);
             if (rv != SECSuccess) {
                 return sftk_MapCryptError(PORT_GetError());