Bug 1688685 - land NSS NSS_3_62_BETA1 UPGRADE_NSS_RELEASE, r=mt

```
2021-02-05  Danh  <congdanhqx@gmail.com>

	* gtests/manifest.mn:
	Bug 1688374 - Fix parallel build NSS-3.61 with make. r=kjacobs

	[a5c857139b37] [NSS_3_62_BETA1]

2021-02-05  Robert Relyea  <rrelyea@redhat.com>

	* lib/libpkix/pkix/util/pkix_tools.c:
	Bug 1682044 pkix_Build_GatherCerts() + pkix_CacheCert_Add() can
	corrupt "cachedCertTable"

	Patch by Andrew Cagney. Preliminary review by Ryan Sleevie. Tested
	against all.sh rrelyea. r=kjacobs

	(this bug is old)

	pkix_Build_GatherCerts() has two code paths for creating the list
	"certsFound":

	 pkix_CacheCert_Lookup(): this sets "certsFound" to a new list;
	"certsFound" and "cachedCertTable" share items but not the list

	 pkix_CacheCert_Add(pkix_pl_Pk11CertStore_CertQuery()): this sets
	"certsFound" to a new list, and then adds the list to
	"cachedCertTable"; "certsFound" and "cachedCertTable" share a linked
	list

	Because the latter doesn't create a separate list, deleting list
	elements from "certsFound" can also delete list elements from within
	"cachedCertTable". And if this happens while pkix_CacheCert_Lookup()
	is trying to update the same element's reference, a core dump can
	result.

	In detail (note that reference counts may occasionally seem off by
	1, it's because data is being captured before function local
	variables release their reference):

	pkix_Build_GatherCerts() calls pkix_pl_Pk11CertStore_CertQuery()
	(via a pointer) to set "certsFound":

	 PKIX_CHECK(getCerts (certStore, state->certSel, state->verifyNode,
	&nbioContext, &certsFound, plContext), PKIX_GETCERTSFAILED);

	it then calls:

	 PKIX_CHECK(pkix_CacheCert_Add (certStore, certSelParams,
	certsFound, plContext), PKIX_CACHECERTADDFAILED);
	[dafda4eee75c]
```

Differential Revision: https://phabricator.services.mozilla.com/D105209
Benjamin Beurdouche 2021-02-16 10:39:36 +00:00
parent a228cdaaa6
commit 6dfa84bd39
4 changed files with 9 additions and 2 deletions
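
The aliasing described in the commit message, reduced to a constructed C model. This is an added example, not NSS code: `List`, `cache_slot` and the `cache_add_*` helpers are hypothetical stand-ins for the PKIX list, "cachedCertTable" and pkix_CacheCert_Add().

```c
/* Constructed model, not NSS code: all names here are hypothetical. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

typedef struct { int refs; size_t len; int items[8]; } List;

static List *list_new(void) {
    List *l = calloc(1, sizeof *l);
    if (l) l->refs = 1;
    return l;
}
static void list_decref(List *l) { if (l && --l->refs == 0) free(l); }
static void list_append(List *l, int v) { if (l->len < 8) l->items[l->len++] = v; }
static void list_delete(List *l, size_t i) {
    memmove(&l->items[i], &l->items[i + 1], (l->len - i - 1) * sizeof l->items[0]);
    l->len--;
}
static List *list_duplicate(const List *src) {
    List *d = list_new();
    if (d) { d->len = src->len; memcpy(d->items, src->items, sizeof d->items); }
    return d;
}

static List *cache_slot; /* stands in for "cachedCertTable" */

/* Pre-fix shape: the cache takes a second reference to the caller's list. */
static void cache_add_shared(List *certs) { certs->refs++; cache_slot = certs; }

/* Post-fix shape: the cache gets its own list and the caller's is left alone. */
static void cache_add_copy(const List *certs) { cache_slot = list_duplicate(certs); }

/* The caller caches its result, deletes one entry from its own list, and we
 * return how many entries the cache still holds. */
static size_t cached_len_after_caller_delete(int use_copy) {
    List *certsFound = list_new();
    if (!certsFound) return 0;
    for (int id = 1; id <= 3; id++) list_append(certsFound, id);
    if (use_copy) cache_add_copy(certsFound); else cache_add_shared(certsFound);
    list_delete(certsFound, 0);
    size_t n = cache_slot ? cache_slot->len : 0;
    list_decref(certsFound);
    list_decref(cache_slot);
    cache_slot = NULL;
    return n;
}

int main(void) {
    printf("shared: %zu cached, copy: %zu cached\n",
           cached_len_after_caller_delete(0), cached_len_after_caller_delete(1));
    return 0;
}
```

With the shared list the cache loses an entry it never asked to drop; with the duplicate it keeps all three.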

@ -1 +1 @@
fc3a4c142c16
NSS_3_62_BETA1

@ -10,3 +10,4 @@
*/
#error "Do not include this header file."

@ -41,6 +41,7 @@ certdb_gtest: common
certhigh_gtest: common
cryptohi_gtest: common
der_gtest: common
freebl_gtest: common
pk11_gtest: common pkcs11testmodule
smime_gtest: common
softoken_gtest: common
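
Review bot: Each `*_gtest: common` dependency in this list is maintained by hand, so a gtest directory added later without its own line will bring back the parallel-build failure this change addresses. Consider generating the dependency from the directory list, or at least add a comment above the block saying that every new gtest target that depends on `common` needs an entry here.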

@ -1163,6 +1163,7 @@ pkix_CacheCert_Add(
{
PKIX_List *cachedKeys = NULL;
PKIX_List *cachedValues = NULL;
PKIX_List *cachedCerts = NULL;
PKIX_PL_Date *cacheValidUntilDate = NULL;
PKIX_PL_X500Name *subject = NULL;
PKIX_Error *cachedCertError = NULL;
@ -1219,9 +1220,12 @@ pkix_CacheCert_Add(
plContext),
PKIX_LISTAPPENDITEMFAILED);
PKIX_DUPLICATE(certs, &cachedCerts, plContext,
PKIX_OBJECTDUPLICATELISTFAILED);
PKIX_CHECK(PKIX_List_AppendItem
(cachedValues,
(PKIX_PL_Object *)certs,
(PKIX_PL_Object *)cachedCerts,
plContext),
PKIX_LISTAPPENDITEMFAILED);
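
Review bot: The `PKIX_DUPLICATE(certs, &cachedCerts, plContext, ...)` call carries no comment saying why the cache needs its own list, so the reason lives only in the commit message. Add a short comment at that call noting that the caller may go on to delete elements from `certs`, so the object appended to `cachedValues` must not be the same list; without it the copy looks redundant and is easy to drop in a later cleanup. It would also help to state whether the duplicate shares the certificate items with `certs` or copies them, since the fix relies on that distinction.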
@ -1243,6 +1247,7 @@ cleanup:
PKIX_DECREF(subject);
PKIX_DECREF(cachedKeys);
PKIX_DECREF(cachedValues);
PKIX_DECREF(cachedCerts);
PKIX_DECREF(cacheValidUntilDate);
PKIX_DECREF(cachedCertError);
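
Review bot: The unconditional `PKIX_DECREF(cachedCerts)` under `cleanup:` is correct only if `PKIX_List_AppendItem` takes its own reference on the appended object; if it does not, `cachedValues` would be left pointing at a released list on the success path. Please confirm that ownership rule and note it in a comment beside the DECREF, so the new local follows the same convention a reader can check for `cachedKeys` and `cachedValues`.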