packages/libtasn1
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

!19 【Mainline】fix CVE-2021-46848

Browse Source 
From: @yixiangzhike 
Reviewed-by: @HuaxinLuGitee 
Signed-off-by: @HuaxinLuGitee
This commit is contained in:
openeuler-ci-bot 2022-10-25 08:19:53 +00:00 committed by Gitee
commit 78981503d6
No known key found for this signature in database
GPG Key ID: 173E9B9CA92EEF8F
2 changed files with 34 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

29
backport-CVE-2021-46848-Fix-ETYPE_OK-off-by-one-array-size-check-Closes-32.patch Normal file
View File

@ -0,0 +1,29 @@
From 44a700d2051a666235748970c2df047ff207aeb5 Mon Sep 17 00:00:00 2001
From: Simon Josefsson <simon@josefsson.org>
Date: Wed, 17 Aug 2022 12:25:06 +0200
Subject: [PATCH] Fix ETYPE_OK off by one array size check. Closes: #32.
Reported by David Trabish in
<https://gitlab.com/gnutls/libtasn1/-/issues/32>.
Signed-off-by: Simon Josefsson <simon@josefsson.org>
---
lib/int.h | 2 +-
1 files changed, 1 insertions(+), 1 deletion(-)
diff --git a/lib/int.h b/lib/int.h
index 488c118..d94d51c 100644
--- a/lib/int.h
+++ b/lib/int.h
@@ -97,7 +97,7 @@ typedef struct tag_and_class_st
#define ETYPE_TAG(etype) (_asn1_tags[etype].tag)
#define ETYPE_CLASS(etype) (_asn1_tags[etype].class)
#define ETYPE_OK(etype) (((etype) != ASN1_ETYPE_INVALID && \
- (etype) <= _asn1_tags_size && \
+ (etype) < _asn1_tags_size && \
_asn1_tags[(etype)].desc != NULL)?1:0)
#define ETYPE_IS_STRING(etype) ((etype == ASN1_ETYPE_GENERALSTRING || \
--
2.27.0

6
libtasn1.spec
View File

@ -1,7 +1,7 @@
Summary: Libtasn1 is a ASN.1 parsing library Summary: Libtasn1 is a ASN.1 parsing library
Name: libtasn1 Name: libtasn1
Version: 4.17.0 Version: 4.17.0
Release: 2 Release: 3
# The libtasn1 library is LGPLv2+, utilities are GPLv3+ # The libtasn1 library is LGPLv2+, utilities are GPLv3+
License: GPLv3+ and LGPLv2+ License: GPLv3+ and LGPLv2+
@ -10,6 +10,7 @@ Source0: http://ftp.gnu.org/gnu/libtasn1/%{name}-%{version}.tar.gz
Source1: http://ftp.gnu.org/gnu/libtasn1/%{name}-%{version}.tar.gz.sig Source1: http://ftp.gnu.org/gnu/libtasn1/%{name}-%{version}.tar.gz.sig
Patch0: fix-memleaks-in-asn1-arrat2tree.patch Patch0: fix-memleaks-in-asn1-arrat2tree.patch
Patch1: backport-CVE-2021-46848-Fix-ETYPE_OK-off-by-one-array-size-check-Closes-32.patch
BuildRequires: gcc, autoconf, automake, libtool, gnupg2, bison, pkgconfig, help2man BuildRequires: gcc, autoconf, automake, libtool, gnupg2, bison, pkgconfig, help2man
# when autoconf >= 2.71, the command autoreconf need gtk-doc package # when autoconf >= 2.71, the command autoreconf need gtk-doc package
@ -85,6 +86,9 @@ test "$1" = 0 -a -f %_infodir/%name.info.gz && \
%{_infodir}/*.info.* %{_infodir}/*.info.*
%changelog %changelog
* Tue Oct 25 2022 yixiangzhike <yixiangzhike007@163.com> - 4.17.0-3
- fix CVE-2021-46848
* Sat May 28 2022 yixiangzhike <yixiangzhike007@163.com> - 4.17.0-2 * Sat May 28 2022 yixiangzhike <yixiangzhike007@163.com> - 4.17.0-2
- fix fuzz issues - fix fuzz issues