packages/grub2
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

lib/libtasn1: Fix ETYPE_OK off by one array size check

Browse Source 
Signed-off-by: Qiumiao Zhang <zhangqiumiao1@huawei.com>
This commit is contained in:
Qiumiao Zhang 2024-06-04 07:27:37 +00:00
parent 1f49767349
commit 3a1730cddc
3 changed files with 37 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

29
backport-CVE-2021-46848-lib-libtasn1-Fix-ETYPE_OK-off-by-one-array.patch Normal file
View File

@ -0,0 +1,29 @@
From 3395407f083eae362637d7a29e31c97008a57f4f Mon Sep 17 00:00:00 2001
From: Simon Josefsson <simon@josefsson.org>
Date: Wed, 17 Aug 2022 12:25:06 +0200
Subject: [PATCH] lib/libtasn1: Fix ETYPE_OK off by one array size check
Reported by David Trabish in
<https://gitlab.com/gnutls/libtasn1/-/issues/32>.
Signed-off-by: Simon Josefsson <simon@josefsson.org>
---
grub-core/lib/libtasn1/lib/int.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/grub-core/lib/libtasn1/lib/int.h b/grub-core/lib/libtasn1/lib/int.h
index 4a568ef..65e7087 100644
--- a/grub-core/lib/libtasn1/lib/int.h
+++ b/grub-core/lib/libtasn1/lib/int.h
@@ -97,7 +97,7 @@ typedef struct tag_and_class_st
#define ETYPE_TAG(etype) (_asn1_tags[etype].tag)
#define ETYPE_CLASS(etype) (_asn1_tags[etype].class)
#define ETYPE_OK(etype) (((etype) != ASN1_ETYPE_INVALID && \
- (etype) <= _asn1_tags_size && \
+ (etype) < _asn1_tags_size && \
_asn1_tags[(etype)].desc != NULL)?1:0)
#define ETYPE_IS_STRING(etype) ((etype == ASN1_ETYPE_GENERALSTRING || \
--
2.33.0

1
grub.patches
View File

@ -349,3 +349,4 @@ Patch0349: backport-commands-acpi-Fix-calculation-of-ACPI-tables-address.patch
Patch0350: backport-CVE-2024-1048-grub-set-bootflag-Conservative-partial-fix.patch Patch0350: backport-CVE-2024-1048-grub-set-bootflag-Conservative-partial-fix.patch
Patch0351: backport-CVE-2024-1048-grub-set-bootflag-More-complete-fix.patch Patch0351: backport-CVE-2024-1048-grub-set-bootflag-More-complete-fix.patch
Patch0352: backport-CVE-2024-1048-grub-set-bootflag-Exit-calmly-when-not.patch Patch0352: backport-CVE-2024-1048-grub-set-bootflag-Exit-calmly-when-not.patch
Patch0353: backport-CVE-2021-46848-lib-libtasn1-Fix-ETYPE_OK-off-by-one-array.patch

8
grub2.spec
View File

@ -14,7 +14,7 @@
Name: grub2 Name: grub2
Epoch: 1 Epoch: 1
Version: 2.06 Version: 2.06
Release: 45 Release: 46
Summary: Bootloader with support for Linux, Multiboot and more Summary: Bootloader with support for Linux, Multiboot and more
License: GPLv3+ License: GPLv3+
URL: http://www.gnu.org/software/grub/ URL: http://www.gnu.org/software/grub/
@ -453,6 +453,12 @@ fi
%{_datadir}/man/man* %{_datadir}/man/man*
%changelog %changelog
* Tue Jun 4 2024 zhangqiumiao <zhangqiumiao1@huawei.com> - 1:2.06-46
- Type:CVE
- CVE:CVE-2021-46848
- SUG:NA
- DESC:lib/libtasn1: Fix ETYPE_OK off by one array size check
* Thu Mar 14 2024 chenyuanfeng <yuanfeng.chen@shingroup.cn> - 1:2.06-45 * Thu Mar 14 2024 chenyuanfeng <yuanfeng.chen@shingroup.cn> - 1:2.06-45
- Type:bugfix - Type:bugfix
- CVE:NA - CVE:NA