!60 【Mainline】backport upstream patch

From: @yixiangzhike 
Reviewed-by: @zcfsite 
Signed-off-by: @zcfsite

backport-common-Protect-against-a-theoretical-integer-overflow.patch

@@ -0,0 +1,34 @@
+From c300253181cfc591cbcae9251eda5296ed29591b Mon Sep 17 00:00:00 2001
+From: Werner Koch <wk@gnupg.org>
+Date: Fri, 7 Oct 2022 14:12:33 +0200
+Subject: [PATCH] common: Protect against a theoretical integer overflow in
+ tlv.c
+
+* common/tlv.c (parse_ber_header): Protect agains integer overflow.
+--
+
+Although there is no concrete case where we use the (nhdr + length),
+it is better to protect against this already here.
+---
+ common/tlv.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/common/tlv.c b/common/tlv.c
+index abef83a37..9618d04cb 100644
+--- a/common/tlv.c
++++ b/common/tlv.c
+@@ -222,6 +222,11 @@ parse_ber_header (unsigned char const **buffer, size_t *size,
+       *r_length = len;
+     }
+ 
++  if (*r_length > *r_nhdr && (*r_nhdr + *r_length) < *r_length)
++    {
++      return gpg_err_make (default_errsource, GPG_ERR_EOVERFLOW);
++    }
++
+   /* Without this kludge some example certs can't be parsed. */
+   if (*r_class == CLASS_UNIVERSAL && !*r_tag)
+     *r_length = 0;
+-- 
+2.27.0
+

gnupg2.spec

@@ -1,6 +1,6 @@
 Name: gnupg2
 Version: 2.3.6
-Release: 3
+Release: 4
 Summary: Utility for secure communication and data storage
 
 License: GPLv3+
@@ -18,6 +18,7 @@ Patch6:  gnupg-2.2.18-tests-add-test-cases-for-import-without-uid.patch
 Patch7:  gnupg-2.2.20-file-is-digest.patch
 Patch8:  gnupg-2.2.21-coverity.patch
 Patch9:  backport-CVE-2022-34903.patch
+Patch10: backport-common-Protect-against-a-theoretical-integer-overflow.patch
 
 BuildRequires: gcc
 BuildRequires: zlib-devel, npth-devel, texinfo
@@ -120,6 +121,9 @@ make check
 
 
 %changelog
+* Wed Jun 14 2023 yixiangzhike <yixiangzhike007@163.com> - 2.3.6-4
+- backport upstream patch
+
 * Mon Aug 15 2022 yixiangzhike <yixiangzhike007@163.com> - 2.3.6-3
 - fix CVE-2022-34903