commit 6f3884fb41167f3bded9a46fedef1b2089ca00d2
Author: Daniel Stenberg <daniel@haxx.se>
Date:   Mon May 9 10:07:15 2022 +0200

    [Backport] nss: return error if seemingly stuck in a cert loop
    
    Offering: RTOS
    CVE: CVE-2022-27781
    Reference: upstream_commit_id=5c7da89d404bf59c8dd82a001119a16d18365917
    
    DTS/AR: DTS2022051305838
    type: LTS
    reason: fix CVE-2022-27781 for curl.
    weblink:https://github.com/curl/curl/commit/5c7da89d404bf59c8dd82a001119a16d18365917
    
    CVE-2022-27781
    
    Reported-by: Florian Kohnhäuser
    Bug: https://curl.se/docs/CVE-2022-27781.html
    Closes #8822
    
    Signed-off-by: jiahuasheng <jiahuasheng@h-partners.com>

diff --git a/lib/vtls/nss.c b/lib/vtls/nss.c
index cf657895f..e3782a4ee 100644
--- a/lib/vtls/nss.c
+++ b/lib/vtls/nss.c
@@ -972,6 +972,9 @@ static void display_cert_info(struct Curl_easy *data,
   PR_Free(common_name);
 }
 
+/* A number of certs that will never occur in a real server handshake */
+#define TOO_MANY_CERTS 300
+
 static CURLcode display_conn_info(struct Curl_easy *data, PRFileDesc *sock)
 {
   CURLcode result = CURLE_OK;
@@ -1007,6 +1010,11 @@ static CURLcode display_conn_info(struct Curl_easy *data, PRFileDesc *sock)
         cert2 = CERT_FindCertIssuer(cert, now, certUsageSSLCA);
         while(cert2) {
           i++;
+          if(i >= TOO_MANY_CERTS) {
+            CERT_DestroyCertificate(cert2);
+            failf(data, "certificate loop");
+            return CURLE_SSL_CERTPROBLEM;
+          }
           if(cert2->isRoot) {
             CERT_DestroyCertificate(cert2);
             break;