mirrors/poky
1
0
Fork 0
mirror of https://git.yoctoproject.org/poky synced 2026-04-23 00:32:12 +02:00
Code Issues Packages Projects Releases Wiki Activity

libtasn1: fix CVE-2021-46848 off-by-one in asn1_encode_simple_der

Browse Source 
Upstream-Status: Backport [44a700d205]

(From OE-Core rev: 305f1c56121436da7be39c5980fc11f779188ab7)

Signed-off-by: Vivek Kumbhar <vkumbhar@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This commit is contained in:
Vivek Kumbhar
2022-11-17 12:15:38 +05:30
committed by Richard Purdie
parent 124e5c8391
commit 1ab1a5821e
2 changed files with 46 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

45
meta/recipes-support/gnutls/libtasn1/CVE-2021-46848.patch Normal file
View File

@@ -0,0 +1,45 @@
From 22fd12b290adea788122044cb58dc9e77754644f Mon Sep 17 00:00:00 2001
From: Vivek Kumbhar <vkumbhar@mvista.com>
Date: Thu, 17 Nov 2022 12:07:50 +0530
Subject: [PATCH] CVE-2021-46848
Upstream-Status: Backport [https://gitlab.com/gnutls/libtasn1/-/commit/44a700d2051a666235748970c2df047ff207aeb5]
CVE: CVE-2021-46848
Signed-off-by: Vivek Kumbhar <vkumbhar@mvista.com>
Fix ETYPE_OK off by one array size check.
---
NEWS | 4 ++++
lib/int.h | 2 +-
2 files changed, 5 insertions(+), 1 deletion(-)
diff --git a/NEWS b/NEWS
index f042481..d8f684e 100644
--- a/NEWS
+++ b/NEWS
@@ -1,5 +1,9 @@
GNU Libtasn1 NEWS -*- outline -*-
+* Noteworthy changes in release ?.? (????-??-??) [?]
+- Fix ETYPE_OK out of bounds read. Closes: #32.
+- Update gnulib files and various maintenance fixes.
+
* Noteworthy changes in release 4.16.0 (released 2020-02-01) [stable]
- asn1_decode_simple_ber: added support for constructed definite
octet strings. This allows this function decode the whole set of
diff --git a/lib/int.h b/lib/int.h
index ea16257..c877282 100644
--- a/lib/int.h
+++ b/lib/int.h
@@ -97,7 +97,7 @@ typedef struct tag_and_class_st
#define ETYPE_TAG(etype) (_asn1_tags[etype].tag)
#define ETYPE_CLASS(etype) (_asn1_tags[etype].class)
#define ETYPE_OK(etype) (((etype) != ASN1_ETYPE_INVALID && \
- (etype) <= _asn1_tags_size && \
+ (etype) < _asn1_tags_size && \
_asn1_tags[(etype)].desc != NULL)?1:0)
#define ETYPE_IS_STRING(etype) ((etype == ASN1_ETYPE_GENERALSTRING || \
--
2.25.1

1
meta/recipes-support/gnutls/libtasn1_4.16.0.bb
View File

@@ -12,6 +12,7 @@ LIC_FILES_CHKSUM = "file://doc/COPYING;md5=d32239bcb673463ab874e80d47fae504 \
SRC_URI = "${GNU_MIRROR}/libtasn1/libtasn1-${PV}.tar.gz \
file://dont-depend-on-help2man.patch \
file://CVE-2021-46848.patch \
"
DEPENDS = "bison-native"