summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorVivek Kumbhar <vkumbhar@mvista.com>2022-11-17 12:15:38 +0530
committerRichard Purdie <richard.purdie@linuxfoundation.org>2022-11-23 00:26:19 +0000
commit305f1c56121436da7be39c5980fc11f779188ab7 (patch)
treecf6ac0066ee44465eb30cb7bf6b0db3bc312ca3c
parent4498ca9a299bd5d9a7173ec67daf17cb66b6d286 (diff)
downloadopenembedded-core-contrib-305f1c56121436da7be39c5980fc11f779188ab7.tar.gz
libtasn1: fix CVE-2021-46848 off-by-one in asn1_encode_simple_der
Upstream-Status: Backport [https://gitlab.com/gnutls/libtasn1/-/commit/44a700d2051a666235748970c2df047ff207aeb5] Signed-off-by: Vivek Kumbhar <vkumbhar@mvista.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
-rw-r--r--meta/recipes-support/gnutls/libtasn1/CVE-2021-46848.patch45
-rw-r--r--meta/recipes-support/gnutls/libtasn1_4.16.0.bb1
2 files changed, 46 insertions, 0 deletions
diff --git a/meta/recipes-support/gnutls/libtasn1/CVE-2021-46848.patch b/meta/recipes-support/gnutls/libtasn1/CVE-2021-46848.patch
new file mode 100644
index 0000000000..9a8ceecbe7
--- /dev/null
+++ b/meta/recipes-support/gnutls/libtasn1/CVE-2021-46848.patch
@@ -0,0 +1,45 @@
+From 22fd12b290adea788122044cb58dc9e77754644f Mon Sep 17 00:00:00 2001
+From: Vivek Kumbhar <vkumbhar@mvista.com>
+Date: Thu, 17 Nov 2022 12:07:50 +0530
+Subject: [PATCH] CVE-2021-46848
+
+Upstream-Status: Backport [https://gitlab.com/gnutls/libtasn1/-/commit/44a700d2051a666235748970c2df047ff207aeb5]
+CVE: CVE-2021-46848
+Signed-off-by: Vivek Kumbhar <vkumbhar@mvista.com>
+
+Fix ETYPE_OK off by one array size check.
+---
+ NEWS | 4 ++++
+ lib/int.h | 2 +-
+ 2 files changed, 5 insertions(+), 1 deletion(-)
+
+diff --git a/NEWS b/NEWS
+index f042481..d8f684e 100644
+--- a/NEWS
++++ b/NEWS
+@@ -1,5 +1,9 @@
+ GNU Libtasn1 NEWS -*- outline -*-
+
++* Noteworthy changes in release ?.? (????-??-??) [?]
++- Fix ETYPE_OK out of bounds read. Closes: #32.
++- Update gnulib files and various maintenance fixes.
++
+ * Noteworthy changes in release 4.16.0 (released 2020-02-01) [stable]
+ - asn1_decode_simple_ber: added support for constructed definite
+ octet strings. This allows this function decode the whole set of
+diff --git a/lib/int.h b/lib/int.h
+index ea16257..c877282 100644
+--- a/lib/int.h
++++ b/lib/int.h
+@@ -97,7 +97,7 @@ typedef struct tag_and_class_st
+ #define ETYPE_TAG(etype) (_asn1_tags[etype].tag)
+ #define ETYPE_CLASS(etype) (_asn1_tags[etype].class)
+ #define ETYPE_OK(etype) (((etype) != ASN1_ETYPE_INVALID && \
+- (etype) <= _asn1_tags_size && \
++ (etype) < _asn1_tags_size && \
+ _asn1_tags[(etype)].desc != NULL)?1:0)
+
+ #define ETYPE_IS_STRING(etype) ((etype == ASN1_ETYPE_GENERALSTRING || \
+--
+2.25.1
+
diff --git a/meta/recipes-support/gnutls/libtasn1_4.16.0.bb b/meta/recipes-support/gnutls/libtasn1_4.16.0.bb
index 8d3a14506a..d2b3c492ec 100644
--- a/meta/recipes-support/gnutls/libtasn1_4.16.0.bb
+++ b/meta/recipes-support/gnutls/libtasn1_4.16.0.bb
@@ -12,6 +12,7 @@ LIC_FILES_CHKSUM = "file://doc/COPYING;md5=d32239bcb673463ab874e80d47fae504 \
SRC_URI = "${GNU_MIRROR}/libtasn1/libtasn1-${PV}.tar.gz \
file://dont-depend-on-help2man.patch \
+ file://CVE-2021-46848.patch \
"
DEPENDS = "bison-native"