packages/firefox
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fix CVE-2021-29946

Browse Source
This commit is contained in:
lvfei 2024-05-14 18:45:51 +08:00
parent d01a675c91
commit 1d05b051de
2 changed files with 100 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

94
CVE-2021-29946.patch Normal file
View File

@ -0,0 +1,94 @@
From e8f9f3b8869e7cd0db4f84d05ebb42c1ccd06395 Mon Sep 17 00:00:00 2001
From: Frederik Braun <fbraun@mozilla.com>
Date: Fri, 19 Mar 2021 14:08:03 +0000 (2021-03-19)
Subject: [PATCH] test
---
netwerk/base/nsIOService.cpp | 2 +-
netwerk/test/unit/test_altsvc.js | 57 ++++++++++++++++++++++++++++++++
2 files changed, 58 insertions(+), 1 deletion(-)
diff --git a/netwerk/base/nsIOService.cpp b/netwerk/base/nsIOService.cpp
index 79abb1310f..f72cdf02b8 100644
--- a/netwerk/base/nsIOService.cpp
+++ b/netwerk/base/nsIOService.cpp
@@ -1406,7 +1406,7 @@ nsIOService::AllowPort(int32_t inPort, const char* scheme, bool* _retval) {
return NS_OK;
}
- if (port == 0) {
+ if (port <= 0 || port >= std::numeric_limits<uint16_t>::max()) {
*_retval = false;
return NS_OK;
}
diff --git a/netwerk/test/unit/test_altsvc.js b/netwerk/test/unit/test_altsvc.js
index 57d4357cb3..4c4eaba6b6 100644
--- a/netwerk/test/unit/test_altsvc.js
+++ b/netwerk/test/unit/test_altsvc.js
@@ -468,6 +468,63 @@ function doTest16() {
do_test_finished();
},
});
+ nextTest = doTest19;
do_test_pending();
doTest();
}
+
+// Check we don't connect to blocked ports
+function doTest19() {
+ dump("doTest19()\n");
+ origin = httpFooOrigin;
+ nextTest = testsDone;
+ otherServer = Cc["@mozilla.org/network/server-socket;1"].createInstance(
+ Ci.nsIServerSocket
+ );
+ const BAD_PORT_U32 = 6667 + 65536;
+ otherServer.init(BAD_PORT_U32, true, -1);
+ Assert.ok(otherServer.port == 6667, "Trying to listen on port 6667");
+ xaltsvc = "localhost:" + BAD_PORT_U32;
+ dump("Blocked port: " + otherServer.port);
+ waitFor = 500;
+ otherServer.asyncListen({
+ onSocketAccepted() {
+ Assert.ok(false, "Got connection to socket when we didn't expect it!");
+ },
+ onStopListening() {
+ // We get closed when the entire file is done, which guarantees we get the socket accept
+ // if we do connect to the alt-svc header
+ do_test_finished();
+ },
+ });
+ nextTest = doTest20;
+ do_test_pending();
+ doTest();
+}
+function doTest20() {
+ dump("doTest20()\n");
+ origin = httpFooOrigin;
+ nextTest = testsDone;
+ otherServer = Cc["@mozilla.org/network/server-socket;1"].createInstance(
+ Ci.nsIServerSocket
+ );
+ const BAD_PORT_U64 = 6666 + 429496729;
+ otherServer.init(6666, true, -1);
+ Assert.ok(otherServer.port == 6666, "Trying to listen on port 6666");
+ xaltsvc = "localhost:" + BAD_PORT_U64;
+ dump("Blocked port: " + otherServer.port);
+ waitFor = 500;
+ otherServer.asyncListen({
+ onSocketAccepted() {
+ Assert.ok(false, "Got connection to socket when we didn't expect it!");
+ },
+ onStopListening() {
+ // We get closed when the entire file is done, which guarantees we get the socket accept
+ // if we do connect to the alt-svc header
+ do_test_finished();
+ },
+ });
+ do_test_pending();
+ doTest();
+}
+
--
2.27.0

7
firefox.spec
View File

@ -88,7 +88,7 @@
Summary: Mozilla Firefox Web browser Summary: Mozilla Firefox Web browser
Name: firefox Name: firefox
Version: 79.0 Version: 79.0
Release: 20 Release: 21
URL: https://www.mozilla.org/firefox/ URL: https://www.mozilla.org/firefox/
License: MPLv1.1 or GPLv2+ or LGPLv2+ License: MPLv1.1 or GPLv2+ or LGPLv2+
Source0: https://archive.mozilla.org/pub/firefox/releases/%{version}/source/firefox-%{version}.source.tar.xz Source0: https://archive.mozilla.org/pub/firefox/releases/%{version}/source/firefox-%{version}.source.tar.xz
@ -199,6 +199,7 @@ Patch655: CVE-2022-1802.patch
Patch656: CVE-2023-44488.patch Patch656: CVE-2023-44488.patch
Patch657: CVE-2020-26950.patch Patch657: CVE-2020-26950.patch
Patch658: CVE-2020-26971.patch Patch658: CVE-2020-26971.patch
Patch659: CVE-2021-29946.patch
%if %{?system_nss} %if %{?system_nss}
BuildRequires: pkgconfig(nspr) >= %{nspr_version} pkgconfig(nss) >= %{nss_version} BuildRequires: pkgconfig(nspr) >= %{nspr_version} pkgconfig(nss) >= %{nss_version}
@ -392,6 +393,7 @@ tar -xf %{SOURCE3}
%patch656 -p1 %patch656 -p1
%patch657 -p1 %patch657 -p1
%patch658 -p1 %patch658 -p1
%patch659 -p1
%{__rm} -f .mozconfig %{__rm} -f .mozconfig
%{__cp} %{SOURCE10} .mozconfig %{__cp} %{SOURCE10} .mozconfig
@ -840,6 +842,9 @@ gtk-update-icon-cache %{_datadir}/icons/hicolor &>/dev/null || :
%endif %endif
%changelog %changelog
* Mon May 13 2024 lvfei <lvfei@kylinos.cn> - 79.0-21
- Fix CVE-2021-29946.patch
* Tue May 07 2024 lvfei <lvfei@kylinos.cn> - 79.0-20 * Tue May 07 2024 lvfei <lvfei@kylinos.cn> - 79.0-20
- Fix CVE-2020-26971 - Fix CVE-2020-26971