[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[PATCH v19 08/33] libtasn1: fix the potential buffer overrun
From: |
Gary Lin |
Subject: |
[PATCH v19 08/33] libtasn1: fix the potential buffer overrun |
Date: |
Fri, 6 Sep 2024 17:11:00 +0800 |
In _asn1_tag_der(), the first while loop for the long form may end up
with a 'k' value with 'ASN1_MAX_TAG_SIZE' and cause the buffer overrun
in the second while loop. This commit tweaks the conditional check to
avoid producing a too large 'k'.
This is a quick fix and may differ from the official upstream fix.
libtasn1 issue: https://gitlab.com/gnutls/libtasn1/-/issues/49
Signed-off-by: Gary Lin <glin@suse.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
---
...sn1-fix-the-potential-buffer-overrun.patch | 36 +++++++++++++++++++
1 file changed, 36 insertions(+)
create mode 100644
grub-core/lib/libtasn1-patches/0006-libtasn1-fix-the-potential-buffer-overrun.patch
diff --git
a/grub-core/lib/libtasn1-patches/0006-libtasn1-fix-the-potential-buffer-overrun.patch
b/grub-core/lib/libtasn1-patches/0006-libtasn1-fix-the-potential-buffer-overrun.patch
new file mode 100644
index 000000000..c7c995565
--- /dev/null
+++
b/grub-core/lib/libtasn1-patches/0006-libtasn1-fix-the-potential-buffer-overrun.patch
@@ -0,0 +1,36 @@
+From 66f5485a9b4ea02f7d2796c5f245fcbf7c88b390 Mon Sep 17 00:00:00 2001
+From: Gary Lin <glin@suse.com>
+Date: Mon, 8 Apr 2024 14:57:21 +0800
+Subject: [PATCH 06/12] libtasn1: fix the potential buffer overrun
+
+In _asn1_tag_der(), the first while loop for the long form may end up
+with a 'k' value with 'ASN1_MAX_TAG_SIZE' and cause the buffer overrun
+in the second while loop. This commit tweaks the conditional check to
+avoid producing a too large 'k'.
+
+This is a quick fix and may differ from the official upstream fix.
+
+libtasn1 issue: https://gitlab.com/gnutls/libtasn1/-/issues/49
+
+Signed-off-by: Gary Lin <glin@suse.com>
+Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
+---
+ grub-core/lib/libtasn1-grub/lib/coding.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/grub-core/lib/libtasn1-grub/lib/coding.c
b/grub-core/lib/libtasn1-grub/lib/coding.c
+index 5d03bca9d..0458829a5 100644
+--- a/grub-core/lib/libtasn1-grub/lib/coding.c
++++ b/grub-core/lib/libtasn1-grub/lib/coding.c
+@@ -143,7 +143,7 @@ _asn1_tag_der (unsigned char class, unsigned int tag_value,
+ temp[k++] = tag_value & 0x7F;
+ tag_value >>= 7;
+
+- if (k > ASN1_MAX_TAG_SIZE - 1)
++ if (k >= ASN1_MAX_TAG_SIZE - 1)
+ break; /* will not encode larger tags */
+ }
+ *ans_len = k + 1;
+--
+2.35.3
+
--
2.35.3
- [PATCH v19 00/33] Automatic Disk Unlock with TPM2, Gary Lin, 2024/09/06
- [PATCH v19 01/33] posix_wrap: tweaks in preparation for libtasn1, Gary Lin, 2024/09/06
- [PATCH v19 03/33] libtasn1: disable code not needed in grub, Gary Lin, 2024/09/06
- [PATCH v19 04/33] libtasn1: replace strcat() with strcpy() in _asn1_str_cat(), Gary Lin, 2024/09/06
- [PATCH v19 05/33] libtasn1: replace strcat() with _asn1_str_cat(), Gary Lin, 2024/09/06
- [PATCH v19 02/33] libtasn1: import libtasn1-4.19.0, Gary Lin, 2024/09/06
- [PATCH v19 07/33] libtasn1: Use grub_divmod64() for division, Gary Lin, 2024/09/06
- [PATCH v19 06/33] libtasn1: adjust the header paths in libtasn1.h, Gary Lin, 2024/09/06
- [PATCH v19 08/33] libtasn1: fix the potential buffer overrun,
Gary Lin <=
- [PATCH v19 09/33] asn1_test: include asn1_test.h only, Gary Lin, 2024/09/06
- [PATCH v19 10/33] asn1_test: rename the main functions to the test names, Gary Lin, 2024/09/06
- [PATCH v19 11/33] asn1_test: remove 'verbose' and the unnecessary printf(), Gary Lin, 2024/09/06
- [PATCH v19 12/33] asn1_test: print the error messages with grub_printf(), Gary Lin, 2024/09/06
- [PATCH v19 13/33] asn1_test: return either 0 or 1 to reflect the results, Gary Lin, 2024/09/06
- [PATCH v19 14/33] asn1_test: use the grub-specific functions and types, Gary Lin, 2024/09/06
- [PATCH v19 15/33] libtasn1: compile into asn1 module, Gary Lin, 2024/09/06
- [PATCH v19 16/33] asn1_test: test module for libtasn1, Gary Lin, 2024/09/06
- [PATCH v19 17/33] libtasn1: Add the documentation, Gary Lin, 2024/09/06
- [PATCH v19 18/33] key_protector: Add key protectors framework, Gary Lin, 2024/09/06