!34 Fix CVE-2022-4132

From: @starlet-dx Reviewed-by: @wk333 Signed-off-by: @wk333
2025-02-17 09:18:30 +00:00 · 2025-02-17 09:18:30 +00:00 · 751ceddc3c
commit 751ceddc3c
parent e4b35d1a87 1e66202e5c
2 changed files with 46 additions and 3 deletions
--- a/CVE-2022-4132.patch
+++ b/CVE-2022-4132.patch
@ -0,0 +1,39 @@
+From bc8e2e6a37922cd15ef39e7e9c194b0dcbea8aa6 Mon Sep 17 00:00:00 2001
+From: Marco Fargetta <mfargett@redhat.com>
+Date: Thu, 25 May 2023 18:22:21 +0200
+Subject: [PATCH] Fix OoM in JSSEngineReferenceImpl object
+
+If TLS connection is terminated by the server with a `close_notify`
+tomcat will call the `closeOutbound()` method but the `closeInbound()`
+is never called so the cleanup cannot be done at the end.
+
+It is possible to test the problem with a tomcat instance. If the option
+`-H 'Connection: close'` is present only the `closeoutbound()` is called.
+---
+ .../org/mozilla/jss/ssl/javax/JSSEngineReferenceImpl.java   | 6 +++++-
+ 1 file changed, 5 insertions(+), 1 deletion(-)
+
+diff --git a/base/src/main/java/org/mozilla/jss/ssl/javax/JSSEngineReferenceImpl.java b/base/src/main/java/org/mozilla/jss/ssl/javax/JSSEngineReferenceImpl.java
+index 1f0e10b31..cdd65f7ad 100644
+--- a/base/src/main/java/org/mozilla/jss/ssl/javax/JSSEngineReferenceImpl.java
+++ b/base/src/main/java/org/mozilla/jss/ssl/javax/JSSEngineReferenceImpl.java
+@@ -1588,6 +1588,11 @@ public SSLEngineResult wrap(ByteBuffer[] srcs, int offset, int length, ByteBuffe
+         if (is_outbound_closed) {
+             debug("Socket is currently closed.");
+             handshake_status = SSLEngineResult.Status.CLOSED;
+            if(as_server) {
+                // If is_outbound_closed is true there is no need to wait
+                // for the receipt the peer's close_notify message.
+                closeInbound();
+            }
+         }
+ 
+         debug("JSSEngine.wrap() - Finished");
+@@ -1699,7 +1704,6 @@ protected void finalize() {
+         cleanup();
+     }
+ 
+-
+     private class CertValidationTask extends CertAuthHandler {
+         public CertValidationTask(SSLFDProxy fd) {
+             super(fd);
--- a/jss.spec
+++ b/jss.spec
@ -9,9 +9,12 @@ Summary:       Java Security Services
 URL:           http://www.dogtagpki.org/wiki/JSS
 License:       MPLv1.1 or GPLv2+ or LGPLv2+
 Version:       5.4.2
-Release:       1
+Release:       2
 Source0:       https://github.com/dogtagpki/jss/archive/v%{version}/%{name}-%{version}.tar.gz 

+Patch0:        support-clang-build.patch
+Patch1:        CVE-2022-4132.patch
+
 BuildRequires: make cmake >= 3.14 gcc-c++ nspr-devel >= 4.13.1 nss-devel >= 3.66 nss-tools >= 3.66
 BuildRequires: jpackage-utils slf4j glassfish-jaxb-api slf4j-jdk14 apache-commons-codec junit
 BuildRequires: zip unzip java-17-openjdk-devel apache-commons-lang3
@ -20,8 +23,6 @@ Requires:      nss >= 3.66  jpackage-utils slf4j slf4j-jdk14 java-17-openjdk-hea

 Conflicts:     ldapjdk < 4.20 idm-console-framework < 1.2 tomcatjss < 7.6.0 pki-base < 10.10.0

-Patch1: support-clang-build.patch
-
 %description
 JSS offers a implementation for java-based applications to use native NSS.

@ -84,6 +85,9 @@ modutil -dbdir /etc/pki/nssdb -chkfips true | grep -q enabled && export FIPS_ENA
 %{_javadocdir}/jss/

 %changelog
+* Mon Feb 17 2025 yaoxin <1024769339@qq.com> - 5.4.2-2
+- Fix CVE-2022-4132
+
 * Tue Jan 09 2024 yaoxin <yao_xin001@hoperun.com> - 5.4.2-1
 - Upgrade to 5.4.2