archlinuxarm/PKGBUILDs
1
0
Fork 0
mirror of https://github.com/archlinuxarm/PKGBUILDs.git synced 2024-09-19 22:08:32 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
PKGBUILDs/extra/chromium/0001-NSS-reject-DH-groups-smaller-than-1024-bits.patch

34 lines
1.1 KiB
Diff
Raw Normal View History

extra/chromium to 43.0.2357.130-1
2015-06-23 05:57:51 +00:00
From 1da1e686a87ad9f95d26786d2b53a1a4c280189f Mon Sep 17 00:00:00 2001
From: agl <agl@chromium.org>
Date: Wed, 20 May 2015 13:20:29 -0700
Subject: [PATCH] NSS: reject DH groups smaller than 1024 bits.
Since some platforms are still using NSS for now, this change mirrors https://boringssl-review.googlesource.com/#/c/4813/ in NSS.
BUG=490240
Review URL: https://codereview.chromium.org/1143303002
Cr-Commit-Position: refs/heads/master@{#330791}
---
net/third_party/nss/ssl/ssl3con.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/net/third_party/nss/ssl/ssl3con.c b/net/third_party/nss/ssl/ssl3con.c
index 89c98ea..861d434 100644
--- a/net/third_party/nss/ssl/ssl3con.c
+++ b/net/third_party/nss/ssl/ssl3con.c
@@ -6946,7 +6946,8 @@ ssl3_HandleServerKeyExchange(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
if (rv != SECSuccess) {
goto loser; /* malformed. */
}
- if (dh_p.len < 512/8) {
+ if (dh_p.len < 1024/8 ||
+ (dh_p.len == 1024/8 && (dh_p.data[0] & 0x80) == 0)) {
errCode = SSL_ERROR_WEAK_SERVER_EPHEMERAL_DH_KEY;
goto alert_loser;
}
--
2.4.2
Reference in a new issue Copy permalink