!39 [sync] PR-35: Fix CVE-2022-4132

From: @openeuler-sync-bot Reviewed-by: @starlet-dx Signed-off-by: @starlet-dx
2025-02-18 00:33:32 +00:00 · 2025-02-18 00:33:32 +00:00 · 612f18a25c
commit 612f18a25c
parent 97b4efcbe8 86549c3798
2 changed files with 47 additions and 1 deletions
--- a/CVE-2022-4132.patch
+++ b/CVE-2022-4132.patch
@ -0,0 +1,41 @@
+From bc8e2e6a37922cd15ef39e7e9c194b0dcbea8aa6 Mon Sep 17 00:00:00 2001
+From: Marco Fargetta <mfargett@redhat.com>
+Date: Thu, 25 May 2023 18:22:21 +0200
+Subject: [PATCH] Fix OoM in JSSEngineReferenceImpl object
+
+If TLS connection is terminated by the server with a `close_notify`
+tomcat will call the `closeOutbound()` method but the `closeInbound()`
+is never called so the cleanup cannot be done at the end.
+
+It is possible to test the problem with a tomcat instance. If the option
+`-H 'Connection: close'` is present only the `closeoutbound()` is called.
+
+Origin: https://github.com/dogtagpki/jss/commit/bc8e2e6a37922cd15ef39e7e9c194b0dcbea8aa6
+---
+ .../org/mozilla/jss/ssl/javax/JSSEngineReferenceImpl.java   | 6 +++++-
+ 1 file changed, 5 insertions(+), 1 deletion(-)
+
+diff --git a/src/main/java/org/mozilla/jss/ssl/javax/JSSEngineReferenceImpl.java b/src/main/java/org/mozilla/jss/ssl/javax/JSSEngineReferenceImpl.java
+index 1f0e10b31..cdd65f7ad 100644
+--- a/src/main/java/org/mozilla/jss/ssl/javax/JSSEngineReferenceImpl.java
+++ b/src/main/java/org/mozilla/jss/ssl/javax/JSSEngineReferenceImpl.java
+@@ -1588,6 +1588,11 @@ public SSLEngineResult wrap(ByteBuffer[] srcs, int offset, int length, ByteBuffe
+         if (is_outbound_closed) {
+             debug("Socket is currently closed.");
+             handshake_status = SSLEngineResult.Status.CLOSED;
+            if(as_server) {
+                // If is_outbound_closed is true there is no need to wait
+                // for the receipt the peer's close_notify message.
+                closeInbound();
+            }
+         }
+ 
+         debug("JSSEngine.wrap() - Finished");
+@@ -1699,7 +1704,6 @@ protected void finalize() {
+         cleanup();
+     }
+ 
+-
+     private class CertValidationTask extends CertAuthHandler {
+         public CertValidationTask(SSLFDProxy fd) {
+             super(fd);
--- a/jss.spec
+++ b/jss.spec
@ -3,9 +3,11 @@ Summary:       Java Security Services
 URL:           http://www.dogtagpki.org/wiki/JSS
 License:       MPLv1.1 or GPLv2+ or LGPLv2+
 Version:       5.1.0
-Release:       2
+Release:       3
 Source:        https://github.com/dogtagpki/jss/archive/v%{version}/jss-%{version}.tar.gz

+Patch0:        CVE-2022-4132.patch
+
 BuildRequires: make cmake gcc-c++ nspr-devel >= 4.13.1 nss-devel >= 3.30 nss-tools >= 3.30 java-devel
 BuildRequires: jpackage-utils slf4j glassfish-jaxb-api slf4j-jdk14 apache-commons-lang apache-commons-codec
 BuildRequires: junit
@ -84,6 +86,9 @@ cp -rp build/docs/* jss.html *.txt $RPM_BUILD_ROOT%{_javadocdir}/jss-%{version}
 %{_javadocdir}/jss-%{version}/

 %changelog
+* Mon Feb 17 2025 yaoxin <1024769339@qq.com> - 5.1.0-3
+- Fix CVE-2022-4132
+
 * Thu Nov 10 2022 caodongxia <caodongxia@h-partners.com> - 5.1.0-2
 - Modify invalid source0