diff -Nru nss-3.28.4/debian/changelog nss-3.28.4/debian/changelog
--- nss-3.28.4/debian/changelog 2017-06-16 12:13:46.000000000 +0000
+++ nss-3.28.4/debian/changelog 2017-09-29 12:54:11.000000000 +0000
@@ -1,3 +1,12 @@
+nss (2:3.28.4-0ubuntu0.16.04.3) xenial-security; urgency=medium
+
+ * SECURITY UPDATE: Use-after-free in TLS 1.2 generating handshake hashes
+ - debian/patches/CVE-2017-7805.patch: Simplify handling of
+ CertificateVerify in nss/lib/ssl/ssl3con.c, nss/lib/ssl/ssl3prot.h.
+ - CVE-2017-7805
+
+ -- Marc Deslauriers Fri, 29 Sep 2017 08:54:11 -0400
+
 nss (2:3.28.4-0ubuntu0.16.04.2) xenial-security; urgency=medium

 * SECURITY UPDATE: DoS via empty SSLv2 messages
diff -Nru nss-3.28.4/debian/patches/CVE-2017-7805.patch nss-3.28.4/debian/patches/CVE-2017-7805.patch
--- nss-3.28.4/debian/patches/CVE-2017-7805.patch 1970-01-01 00:00:00.000000000 +0000
+++ nss-3.28.4/debian/patches/CVE-2017-7805.patch 2017-09-29 12:54:07.000000000 +0000
@@ -0,0 +1,66 @@
+Backport of:
+
+# HG changeset patch
+# User Martin Thomson
+# Date 1501813647 -36000
+# Node ID 839200ce0943166a079284bdf45dcc37bb672925
+# Parent 6254e8431392863fd0aa7e70c311add48af05775
+Bug 1377618 - Simplify handling of CertificateVerify, r=kaie
+
+Index: nss-3.28.4/nss/lib/ssl/ssl3con.c
+===================================================================
+--- nss-3.28.4.orig/nss/lib/ssl/ssl3con.c 2017-09-29 08:50:13.360518595 -0400
++++ nss-3.28.4/nss/lib/ssl/ssl3con.c 2017-09-29 08:50:13.356518549 -0400
+@@ -9774,13 +9774,12 @@ ssl3_HandleCertificateVerify(sslSocket *
+
+ hashAlg = ssl_SignatureSchemeToHashType(sigScheme);
+
+- if (hashes->u.pointer_to_hash_input.data) {
+- rv = ssl3_ComputeHandshakeHash(hashes->u.pointer_to_hash_input.data,
+- hashes->u.pointer_to_hash_input.len,
+- hashAlg, &localHashes);
+- } else {
+- rv = SECFailure;
+- }
++ /* Read from the message buffer, but we need to use only up to the end
++ * of the previous handshake message. The length of the transcript up to
++ * that point is saved in |hashes->u.transcriptLen|. */
++ rv = ssl3_ComputeHandshakeHash(ss->ssl3.hs.messages.buf,
++ hashes->u.transcriptLen,
++ hashAlg, &localHashes);
+
+ if (rv == SECSuccess) {
+ hashesForVerify = &localHashes;
+@@ -11680,15 +11679,15 @@ ssl3_HandleHandshakeMessage(sslSocket *s
+ * additional handshake messages will have been added to the
+ * buffer, e.g. the certificate_verify message itself.)
+ *
+- * Therefore, we use SSL3Hashes.u.pointer_to_hash_input
+- * to signal the current state of the buffer.
++ * Therefore, we use SSL3Hashes.u.transcriptLen to save how much
++ * data there is and read directly from ss->ssl3.hs.messages
++ * when calculating the hashes.
+ *
+ * ssl3_HandleCertificateVerify will detect
+ * hashType == handshake_hash_record
+ * and use that information to calculate the hash.
+ */
+- hashes.u.pointer_to_hash_input.data = ss->ssl3.hs.messages.buf;
+- hashes.u.pointer_to_hash_input.len = ss->ssl3.hs.messages.len;
++ hashes.u.transcriptLen = ss->ssl3.hs.messages.len;
+ hashesPtr = &hashes;
+ } else {
+ computeHashes = PR_TRUE;
+Index: nss-3.28.4/nss/lib/ssl/ssl3prot.h
+===================================================================
+--- nss-3.28.4.orig/nss/lib/ssl/ssl3prot.h 2017-09-29 08:50:13.360518595 -0400
++++ nss-3.28.4/nss/lib/ssl/ssl3prot.h 2017-09-29 08:50:42.164845265 -0400
+@@ -237,7 +237,7 @@ typedef struct {
+ union {
+ PRUint8 raw[64];
+ SSL3HashesIndividually s;
+- SECItem pointer_to_hash_input;
++ unsigned int transcriptLen;
+ } u;
+ } SSL3Hashes;
+
diff -Nru nss-3.28.4/debian/patches/series nss-3.28.4/debian/patches/series
--- nss-3.28.4/debian/patches/series 2017-06-16 12:13:39.000000000 +0000
+++ nss-3.28.4/debian/patches/series 2017-09-29 12:54:07.000000000 +0000
@@ -3,3 +3,4 @@
 80_security_tools.patch
 85_security_load.patch
 CVE-2017-7502.patch
+CVE-2017-7805.patch
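Review bot: In the ssl3_HandleCertificateVerify hunk of ssl3con.c, the saved `hashes->u.transcriptLen` is now used as a read length over `ss->ssl3.hs.messages.buf` with nothing checking it against the buffer's current length, and the old `rv = SECFailure` branch for an unset input is gone. The fix is sound only while the transcript buffer never shrinks or resets between ssl3_HandleHandshakeMessage saving the length and this call, which these hunks do not show. I would state that invariant in code with `PORT_Assert(hashes->u.transcriptLen <= ss->ssl3.hs.messages.len);` just before the call, or fail closed with `SECFailure` when it does not hold. The new union member in ssl3prot.h also wants a one-line comment such as `/* valid only for the handshake_hash_record case: length of ss->ssl3.hs.messages to hash */`, since it overlays `raw` and `s`. Both functions begin and end outside the quoted hunks.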