packages/mozjs78
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fix CVE-2021-29946

Browse Source
This commit is contained in:
lvfei 2024-05-22 17:10:49 +08:00
parent fe2d280460
commit 7936e37d0a
2 changed files with 99 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

94
CVE-2021-29946.patch Normal file
View File

@ -0,0 +1,94 @@
From e8f9f3b8869e7cd0db4f84d05ebb42c1ccd06395 Mon Sep 17 00:00:00 2001
From: Frederik Braun <fbraun@mozilla.com>
Date: Fri, 19 Mar 2021 14:08:03 +0000 (2021-03-19)
Subject: [PATCH] CVE-2021-29946
---
netwerk/base/nsIOService.cpp | 2 +-
netwerk/test/unit/test_altsvc.js | 57 ++++++++++++++++++++++++++++++++
2 files changed, 58 insertions(+), 1 deletion(-)
diff --git a/netwerk/base/nsIOService.cpp b/netwerk/base/nsIOService.cpp
index 79abb1310f..f72cdf02b8 100644
--- a/netwerk/base/nsIOService.cpp
+++ b/netwerk/base/nsIOService.cpp
@@ -1406,7 +1406,7 @@ nsIOService::AllowPort(int32_t inPort, const char* scheme, bool* _retval) {
return NS_OK;
}
- if (port == 0) {
+ if (port <= 0 || port >= std::numeric_limits<uint16_t>::max()) {
*_retval = false;
return NS_OK;
}
diff --git a/netwerk/test/unit/test_altsvc.js b/netwerk/test/unit/test_altsvc.js
index 57d4357cb3..4c4eaba6b6 100644
--- a/netwerk/test/unit/test_altsvc.js
+++ b/netwerk/test/unit/test_altsvc.js
@@ -468,6 +468,63 @@ function doTest16() {
do_test_finished();
},
});
+ nextTest = doTest19;
do_test_pending();
doTest();
}
+
+// Check we don't connect to blocked ports
+function doTest19() {
+ dump("doTest19()\n");
+ origin = httpFooOrigin;
+ nextTest = testsDone;
+ otherServer = Cc["@mozilla.org/network/server-socket;1"].createInstance(
+ Ci.nsIServerSocket
+ );
+ const BAD_PORT_U32 = 6667 + 65536;
+ otherServer.init(BAD_PORT_U32, true, -1);
+ Assert.ok(otherServer.port == 6667, "Trying to listen on port 6667");
+ xaltsvc = "localhost:" + BAD_PORT_U32;
+ dump("Blocked port: " + otherServer.port);
+ waitFor = 500;
+ otherServer.asyncListen({
+ onSocketAccepted() {
+ Assert.ok(false, "Got connection to socket when we didn't expect it!");
+ },
+ onStopListening() {
+ // We get closed when the entire file is done, which guarantees we get the socket accept
+ // if we do connect to the alt-svc header
+ do_test_finished();
+ },
+ });
+ nextTest = doTest20;
+ do_test_pending();
+ doTest();
+}
+function doTest20() {
+ dump("doTest20()\n");
+ origin = httpFooOrigin;
+ nextTest = testsDone;
+ otherServer = Cc["@mozilla.org/network/server-socket;1"].createInstance(
+ Ci.nsIServerSocket
+ );
+ const BAD_PORT_U64 = 6666 + 429496729;
+ otherServer.init(6666, true, -1);
+ Assert.ok(otherServer.port == 6666, "Trying to listen on port 6666");
+ xaltsvc = "localhost:" + BAD_PORT_U64;
+ dump("Blocked port: " + otherServer.port);
+ waitFor = 500;
+ otherServer.asyncListen({
+ onSocketAccepted() {
+ Assert.ok(false, "Got connection to socket when we didn't expect it!");
+ },
+ onStopListening() {
+ // We get closed when the entire file is done, which guarantees we get the socket accept
+ // if we do connect to the alt-svc header
+ do_test_finished();
+ },
+ });
+ do_test_pending();
+ doTest();
+}
+
--
2.27.0

6
mozjs78.spec
View File

@ -2,7 +2,7 @@
Name: mozjs%{major}
Version: 78.4.0
Release: 3
Release: 4
Summary: SpiderMonkey JavaScript library
License: MPLv2.0 and MPLv1.1 and BSD and GPLv2+ and GPLv3+ and LGPLv2+ and AFL and ASL 2.0
URL: https://developer.mozilla.org/en-US/docs/Mozilla/Projects/SpiderMonkey
@ -26,6 +26,7 @@ Patch10: Fix-build-with-rust-nightly.patch
Patch11: backport-CVE-2023-23599.patch
Patch12: backport-CVE-2023-23601.patch
Patch13: backport-CVE-2023-23602.patch
Patch14: CVE-2021-29946.patch
BuildRequires: autoconf213 cargo clang-devel gcc gcc-c++ perl-devel pkgconfig(libffi) pkgconfig(zlib)
BuildRequires: python3-devel python3-six readline-devel zip nasm llvm llvm-devel icu rust
@ -105,6 +106,9 @@ popd
%doc js/src/README.html
%changelog
* Mon May 13 2024 lvfei <lvfei@kylinos.cn> - - 78.4.0-4
- fix CVE-2021-29946
* Mon Apr 08 2024 sunhai <sunhai10@huawei.com> - 78.4.0-3
- fix CVEs