From a1dbbb05d149cbf92a1e6eba5d8c5f947f146d1d Mon Sep 17 00:00:00 2001
From: starlet-dx <15929766099@163.com>
Date: Mon, 17 Feb 2025 15:29:10 +0800
Subject: [PATCH] Fix CVE-2022-4132
(cherry picked from commit 1e66202e5c168aacd8279cc13d6ae9e345b4cb3c)
---
CVE-2022-4132.patch | 39 +++++++++++++++++++++++++++++++++++++++
jss.spec | 10 +++++++---
2 files changed, 46 insertions(+), 3 deletions(-)
create mode 100644 CVE-2022-4132.patch
diff --git a/CVE-2022-4132.patch b/CVE-2022-4132.patch
new file mode 100644
index 0000000..48da59a
--- /dev/null
+++ b/CVE-2022-4132.patch
@@ -0,0 +1,39 @@
+From bc8e2e6a37922cd15ef39e7e9c194b0dcbea8aa6 Mon Sep 17 00:00:00 2001
+From: Marco Fargetta
+Date: Thu, 25 May 2023 18:22:21 +0200
+Subject: [PATCH] Fix OoM in JSSEngineReferenceImpl object
+
+If TLS connection is terminated by the server with a `close_notify`
+tomcat will call the `closeOutbound()` method but the `closeInbound()`
+is never called so the cleanup cannot be done at the end.
+
+It is possible to test the problem with a tomcat instance. If the option
+`-H 'Connection: close'` is present only the `closeoutbound()` is called.
+---
+ .../org/mozilla/jss/ssl/javax/JSSEngineReferenceImpl.java | 6 +++++-
+ 1 file changed, 5 insertions(+), 1 deletion(-)
+
+diff --git a/base/src/main/java/org/mozilla/jss/ssl/javax/JSSEngineReferenceImpl.java b/base/src/main/java/org/mozilla/jss/ssl/javax/JSSEngineReferenceImpl.java
+index 1f0e10b31..cdd65f7ad 100644
+--- a/base/src/main/java/org/mozilla/jss/ssl/javax/JSSEngineReferenceImpl.java
++++ b/base/src/main/java/org/mozilla/jss/ssl/javax/JSSEngineReferenceImpl.java
+@@ -1588,6 +1588,11 @@ public SSLEngineResult wrap(ByteBuffer[] srcs, int offset, int length, ByteBuffe
+ if (is_outbound_closed) {
+ debug("Socket is currently closed.");
+ handshake_status = SSLEngineResult.Status.CLOSED;
++ if(as_server) {
++ // If is_outbound_closed is true there is no need to wait
++ // for the receipt the peer's close_notify message.
++ closeInbound();
++ }
+ }
+
+ debug("JSSEngine.wrap() - Finished");
+@@ -1699,7 +1704,6 @@ protected void finalize() {
+ cleanup();
+ }
+
+-
+ private class CertValidationTask extends CertAuthHandler {
+ public CertValidationTask(SSLFDProxy fd) {
+ super(fd);
diff --git a/jss.spec b/jss.spec
index 32c4af7..0f26855 100644
--- a/jss.spec
+++ b/jss.spec
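Review bot: The new `closeInbound()` call in `wrap()` is guarded by `if(as_server)`, so a client-mode engine whose caller only ever calls `closeOutbound()` appears to stay on the old path, where cleanup is left to `finalize()`. The description only covers the Tomcat (server) case, so it is worth confirming whether the same memory growth can occur for clients. The block also runs on every `wrap()` call made after the outbound side is closed, which is safe only if `closeInbound()` is idempotent; its body is not in this hunk. I would state both assumptions in the comment, e.g. `// Server side only: release resources now instead of waiting for the peer's close_notify; closeInbound() must be safe to call repeatedly.` `wrap()` starts and ends outside the hunk.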
@@ -9,9 +9,12 @@ Summary: Java Security Services URL: http://www.dogtagpki.org/wiki/JSS License: MPLv1.1 or GPLv2+ or LGPLv2+ Version: 5.4.2 -Release: 1 +Release: 2 Source0: https://github.com/dogtagpki/jss/archive/v%{version}/%{name}-%{version}.tar.gz +Patch0: support-clang-build.patch +Patch1: CVE-2022-4132.patch + BuildRequires: make cmake >= 3.14 gcc-c++ nspr-devel >= 4.13.1 nss-devel >= 3.66 nss-tools >= 3.66 BuildRequires: jpackage-utils slf4j glassfish-jaxb-api slf4j-jdk14 apache-commons-codec junit BuildRequires: zip unzip java-17-openjdk-devel apache-commons-lang3 @@ -20,8 +23,6 @@ Requires: nss >= 3.66 jpackage-utils slf4j slf4j-jdk14 java-17-openjdk-hea Conflicts: ldapjdk < 4.20 idm-console-framework < 1.2 tomcatjss < 7.6.0 pki-base < 10.10.0 -Patch1: support-clang-build.patch - %description JSS offers a implementation for java-based applications to use native NSS. @@ -84,6 +85,9 @@ modutil -dbdir /etc/pki/nssdb -chkfips true | grep -q enabled && export FIPS_ENA %{_javadocdir}/jss/ %changelog +* Mon Feb 17 2025 yaoxin <1024769339@qq.com> - 5.4.2-2 +- Fix CVE-2022-4132 + * Tue Jan 09 2024 yaoxin - 5.4.2-1 - Upgrade to 5.4.2 -- Gitee
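Review bot: Moving `support-clang-build.patch` from `Patch1` to `Patch0` and assigning `Patch1` to `CVE-2022-4132.patch` in the first hunk is only safe if `%prep` applies patches generically (for example `%autosetup -p1` or `%autopatch`); `%prep` is not in any of these hunks. If it applies patches by number, such as an explicit `%patch1 -p1`, the clang patch would silently stop being applied. If `%prep` lists patches individually and was not extended, a declared patch would be packaged but never applied to the source tree. It is worth confirming from the build log that both patches are applied, since a declared but unapplied CVE patch ships the vulnerable code under a changelog entry that says it is fixed.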