From 41550b24b92c4a5971da9842e5e9f2b452aceca8 Tue Oct 29 22:44:57 2024
From: Peter Marko <peter.marko@siemens.com>
Date: Tue, 29 Oct 2024 22:44:57 +0100
Subject: [PATCH] fix CVE-2024-6609

CVE: CVE-2024-6609
Upstream-Status: Inappropriate [upstream ticket: https://groups.google.com/a/mozilla.org/g/dev-tech-crypto/c/t9JmsYkujWM/m/HjKuk-ngBAAJ]
Signed-off-by: Peter Marko <peter.marko@siemens.com>
---
 nss/lib/freebl/ec.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/nss/lib/freebl/ec.c b/nss/lib/freebl/ec.c
index 73a625a..c9490da 100644
--- a/nss/lib/freebl/ec.c
+++ b/nss/lib/freebl/ec.c
@@ -302,6 +302,10 @@ done:
 
 cleanup:
     mp_clear(&k);
+    if (err < MP_OKAY) {
+        MP_TO_SEC_ERROR(err);
+        rv = SECFailure;
+    }
     if (rv) {
         PORT_FreeArena(arena, PR_TRUE);
     }
-- 
2.30.2