diff options
author | Vivek Kumbhar <vkumbhar@mvista.com> | 2022-11-17 12:15:38 +0530 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2022-11-23 00:26:19 +0000 |
commit | 305f1c56121436da7be39c5980fc11f779188ab7 (patch) | |
tree | cf6ac0066ee44465eb30cb7bf6b0db3bc312ca3c | |
parent | 4498ca9a299bd5d9a7173ec67daf17cb66b6d286 (diff) | |
download | openembedded-core-contrib-305f1c56121436da7be39c5980fc11f779188ab7.tar.gz |
libtasn1: fix CVE-2021-46848 off-by-one in asn1_encode_simple_der
Upstream-Status: Backport [https://gitlab.com/gnutls/libtasn1/-/commit/44a700d2051a666235748970c2df047ff207aeb5]
Signed-off-by: Vivek Kumbhar <vkumbhar@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
-rw-r--r-- | meta/recipes-support/gnutls/libtasn1/CVE-2021-46848.patch | 45 | ||||
-rw-r--r-- | meta/recipes-support/gnutls/libtasn1_4.16.0.bb | 1 |
2 files changed, 46 insertions, 0 deletions
diff --git a/meta/recipes-support/gnutls/libtasn1/CVE-2021-46848.patch b/meta/recipes-support/gnutls/libtasn1/CVE-2021-46848.patch new file mode 100644 index 0000000000..9a8ceecbe7 --- /dev/null +++ b/meta/recipes-support/gnutls/libtasn1/CVE-2021-46848.patch @@ -0,0 +1,45 @@ +From 22fd12b290adea788122044cb58dc9e77754644f Mon Sep 17 00:00:00 2001 +From: Vivek Kumbhar <vkumbhar@mvista.com> +Date: Thu, 17 Nov 2022 12:07:50 +0530 +Subject: [PATCH] CVE-2021-46848 + +Upstream-Status: Backport [https://gitlab.com/gnutls/libtasn1/-/commit/44a700d2051a666235748970c2df047ff207aeb5] +CVE: CVE-2021-46848 +Signed-off-by: Vivek Kumbhar <vkumbhar@mvista.com> + +Fix ETYPE_OK off by one array size check. +--- + NEWS | 4 ++++ + lib/int.h | 2 +- + 2 files changed, 5 insertions(+), 1 deletion(-) + +diff --git a/NEWS b/NEWS +index f042481..d8f684e 100644 +--- a/NEWS ++++ b/NEWS +@@ -1,5 +1,9 @@ + GNU Libtasn1 NEWS -*- outline -*- + ++* Noteworthy changes in release ?.? (????-??-??) [?] ++- Fix ETYPE_OK out of bounds read. Closes: #32. ++- Update gnulib files and various maintenance fixes. ++ + * Noteworthy changes in release 4.16.0 (released 2020-02-01) [stable] + - asn1_decode_simple_ber: added support for constructed definite + octet strings. This allows this function decode the whole set of +diff --git a/lib/int.h b/lib/int.h +index ea16257..c877282 100644 +--- a/lib/int.h ++++ b/lib/int.h +@@ -97,7 +97,7 @@ typedef struct tag_and_class_st + #define ETYPE_TAG(etype) (_asn1_tags[etype].tag) + #define ETYPE_CLASS(etype) (_asn1_tags[etype].class) + #define ETYPE_OK(etype) (((etype) != ASN1_ETYPE_INVALID && \ +- (etype) <= _asn1_tags_size && \ ++ (etype) < _asn1_tags_size && \ + _asn1_tags[(etype)].desc != NULL)?1:0) + + #define ETYPE_IS_STRING(etype) ((etype == ASN1_ETYPE_GENERALSTRING || \ +-- +2.25.1 + diff --git a/meta/recipes-support/gnutls/libtasn1_4.16.0.bb b/meta/recipes-support/gnutls/libtasn1_4.16.0.bb index 8d3a14506a..d2b3c492ec 100644 --- a/meta/recipes-support/gnutls/libtasn1_4.16.0.bb +++ b/meta/recipes-support/gnutls/libtasn1_4.16.0.bb @@ -12,6 +12,7 @@ LIC_FILES_CHKSUM = "file://doc/COPYING;md5=d32239bcb673463ab874e80d47fae504 \ SRC_URI = "${GNU_MIRROR}/libtasn1/libtasn1-${PV}.tar.gz \ file://dont-depend-on-help2man.patch \ + file://CVE-2021-46848.patch \ " DEPENDS = "bison-native" |