grub-devel
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH v13 08/20] libtasn1: Add the documentation


From: Glenn Washburn
Subject: Re: [PATCH v13 08/20] libtasn1: Add the documentation
Date: Sat, 27 Apr 2024 03:27:57 -0500

On Thu, 25 Apr 2024 16:01:54 +0800
Gary Lin <glin@suse.com> wrote:

> Document libtasn1 in docs/grub-dev.texi and add the upgrade steps.
> Also add the patches to make libtasn1 compatible with grub code.
> 
> Signed-off-by: Gary Lin <glin@suse.com>
> Reviewed-by: Vladimir Serbinenko <phcoder@gmail.com>
> ---
>  docs/grub-dev.texi                            |  28 ++
>  ...asn1-disable-code-not-needed-in-grub.patch | 320 ++++++++++++++++++
>  ...tasn1-changes-for-grub-compatibility.patch | 135 ++++++++
>  ...sn1-fix-the-potential-buffer-overrun.patch |  35 ++
>  4 files changed, 518 insertions(+)
>  create mode 100644 
> grub-core/lib/libtasn1-patches/0001-libtasn1-disable-code-not-needed-in-grub.patch
>  create mode 100644 
> grub-core/lib/libtasn1-patches/0002-libtasn1-changes-for-grub-compatibility.patch
>  create mode 100644 
> grub-core/lib/libtasn1-patches/0003-libtasn1-fix-the-potential-buffer-overrun.patch
> 
> diff --git a/docs/grub-dev.texi b/docs/grub-dev.texi
> index 1276c5930..36bf77883 100644
> --- a/docs/grub-dev.texi
> +++ b/docs/grub-dev.texi
> @@ -506,6 +506,7 @@ to update it.
>  * Gnulib::
>  * jsmn::
>  * minilzo::
> +* libtasn1::
>  @end menu
>  
>  @node Gnulib
> @@ -596,6 +597,33 @@ cp minilzo-2.10/*.[hc] grub-core/lib/minilzo
>  rm -r minilzo-2.10*
>  @end example
>  
> +@node libtasn1
> +@section libtasn1
> +
> +libtasn1 is a library providing Abstract Syntax Notation One (ASN.1, as
> +specified by the X.680 ITU-T recommendation) parsing and structures 
> management,
> +and Distinguished Encoding Rules (DER, as per X.690) encoding and decoding
> +functions.
> +
> +To upgrade to a new version of the libtasn1 library, download the release
> +tarball and copy the files into the target directory:
> +
> +@example
> +curl -L -O https://ftp.gnu.org/gnu/libtasn1/libtasn1-4.19.0.tar.gz
> +tar -zxf libtasn1-4.19.0.tar.gz
> +rm -r grub-core/lib/libtasn1/
> +mkdir libtasn1/lib
> +mkdir -p grub-core/lib/libtasn1/lib/
> +cp libtasn1-4.19.0/@lbracechar{}README.md,COPYING@rbracechar{} 
> grub-core/lib/libtasn1/
> +cp 
> libtasn1-4.19.0/lib/@lbracechar{}coding.c,decoding.c,element.c,element.h,errors.c,gstr.c,gstr.h,int.h,parser_aux.c,parser_aux.h,structure.c,structure.h@rbracechar{}
>  grub-core/lib/libtasn1/lib/
> +cp libtasn1-4.19.0/lib/includes/libtasn1.h include/grub/
> +rm -rf libtasn1-4.19.0
> +@end example
> +
> +After upgrading the library, it is necessary to apply the patches in

s/is/may be/

> +@file{grub-core/lib/libtasn1-patches/} to adjust the code to be compatible 
> with
> +grub.

Add after this sentence, I think its worth mentioning the following:

  These patches were needed to use the current version of libtasn1. The
  existing patches may not apply cleanly, apply at all, or even be
  needed for a newer version of the library, and other patches maybe
  needed due to changes in the newer version. If existing patches need
  to be refreshed to apply cleanly, please include updated patches as
  part of the a patch set sent to the list. If new patches are needed
  or existing patches are not needed, also please send additions or
  removals as part of any patch set upgrading libtasn1.

Glenn

> +
>  @node Debugging
>  @chapter Debugging
>  
> diff --git 
> a/grub-core/lib/libtasn1-patches/0001-libtasn1-disable-code-not-needed-in-grub.patch
>  
> b/grub-core/lib/libtasn1-patches/0001-libtasn1-disable-code-not-needed-in-grub.patch
> new file mode 100644
> index 000000000..e3264409f
> --- /dev/null
> +++ 
> b/grub-core/lib/libtasn1-patches/0001-libtasn1-disable-code-not-needed-in-grub.patch
> @@ -0,0 +1,320 @@
> +From 715f65934a120730316751536194ec5ed86aed9c Mon Sep 17 00:00:00 2001
> +From: Daniel Axtens <dja@axtens.net>
> +Date: Fri, 1 May 2020 17:12:23 +1000
> +Subject: [PATCH 1/3] libtasn1: disable code not needed in grub
> +
> +We don't expect to be able to write ASN.1, only read it,
> +so we can disable some code.
> +
> +Do that with #if 0/#endif, rather than deletion. This means
> +that the difference between upstream and grub is smaller,
> +which should make updating libtasn1 easier in the future.
> +
> +With these exclusions we also avoid the need for minmax.h,
> +which is convenient because it means we don't have to
> +import it from gnulib.
> +
> +Cc: Vladimir Serbinenko <phcoder@gmail.com>
> +Signed-off-by: Daniel Axtens <dja@axtens.net>
> +Signed-off-by: Gary Lin <glin@suse.com>
> +---
> + grub-core/lib/libtasn1/lib/coding.c    | 12 ++++++++++--
> + grub-core/lib/libtasn1/lib/decoding.c  |  2 ++
> + grub-core/lib/libtasn1/lib/element.c   |  6 +++---
> + grub-core/lib/libtasn1/lib/errors.c    |  3 +++
> + grub-core/lib/libtasn1/lib/structure.c | 10 ++++++----
> + include/grub/libtasn1.h                | 15 +++++++++++++++
> + 6 files changed, 39 insertions(+), 9 deletions(-)
> +
> +diff --git a/grub-core/lib/libtasn1/lib/coding.c 
> b/grub-core/lib/libtasn1/lib/coding.c
> +index ea5bc370e..5d03bca9d 100644
> +--- a/grub-core/lib/libtasn1/lib/coding.c
> ++++ b/grub-core/lib/libtasn1/lib/coding.c
> +@@ -30,11 +30,11 @@
> + #include "parser_aux.h"
> + #include <gstr.h>
> + #include "element.h"
> +-#include "minmax.h"
> + #include <structure.h>
> + 
> + #define MAX_TAG_LEN 16
> + 
> ++#if 0 /* GRUB SKIPPED IMPORTING */
> + /******************************************************/
> + /* Function : _asn1_error_description_value_not_found */
> + /* Description: creates the ErrorDescription string   */
> +@@ -58,6 +58,7 @@ _asn1_error_description_value_not_found (asn1_node node,
> +   Estrcat (ErrorDescription, "' not found");
> + 
> + }
> ++#endif
> + 
> + /**
> +  * asn1_length_der:
> +@@ -244,6 +245,7 @@ asn1_encode_simple_der (unsigned int etype, const 
> unsigned char *str,
> +   return ASN1_SUCCESS;
> + }
> + 
> ++#if 0 /* GRUB SKIPPED IMPORTING */
> + /******************************************************/
> + /* Function : _asn1_time_der                          */
> + /* Description: creates the DER coding for a TIME     */
> +@@ -278,7 +280,7 @@ _asn1_time_der (unsigned char *str, int str_len, 
> unsigned char *der,
> + 
> +   return ASN1_SUCCESS;
> + }
> +-
> ++#endif
> + 
> + /*
> + void
> +@@ -519,6 +521,7 @@ asn1_bit_der (const unsigned char *str, int bit_len,
> + }
> + 
> + 
> ++#if 0 /* GRUB SKIPPED IMPORTING */
> + /******************************************************/
> + /* Function : _asn1_complete_explicit_tag             */
> + /* Description: add the length coding to the EXPLICIT */
> +@@ -595,6 +598,7 @@ _asn1_complete_explicit_tag (asn1_node node, unsigned 
> char *der,
> + 
> +   return ASN1_SUCCESS;
> + }
> ++#endif
> + 
> + const tag_and_class_st _asn1_tags[] = {
> +   [ASN1_ETYPE_GENERALSTRING] =
> +@@ -647,6 +651,8 @@ const tag_and_class_st _asn1_tags[] = {
> + 
> + unsigned int _asn1_tags_size = sizeof (_asn1_tags) / sizeof (_asn1_tags[0]);
> + 
> ++
> ++#if 0 /* GRUB SKIPPED IMPORTING */
> + /******************************************************/
> + /* Function : _asn1_insert_tag_der                    */
> + /* Description: creates the DER coding of tags of one */
> +@@ -1423,3 +1429,5 @@ error:
> +   asn1_delete_structure (&node);
> +   return err;
> + }
> ++
> ++#endif
> +diff --git a/grub-core/lib/libtasn1/lib/decoding.c 
> b/grub-core/lib/libtasn1/lib/decoding.c
> +index b9245c486..bf9cb13ac 100644
> +--- a/grub-core/lib/libtasn1/lib/decoding.c
> ++++ b/grub-core/lib/libtasn1/lib/decoding.c
> +@@ -1620,6 +1620,7 @@ asn1_der_decoding (asn1_node * element, const void 
> *ider, int ider_len,
> +   return asn1_der_decoding2 (element, ider, &ider_len, 0, errorDescription);
> + }
> + 
> ++#if 0 /* GRUB SKIPPED IMPORTING */
> + /**
> +  * asn1_der_decoding_element:
> +  * @structure: pointer to an ASN1 structure
> +@@ -1650,6 +1651,7 @@ asn1_der_decoding_element (asn1_node * structure, 
> const char *elementName,
> + {
> +   return asn1_der_decoding (structure, ider, len, errorDescription);
> + }
> ++#endif
> + 
> + /**
> +  * asn1_der_decoding_startEnd:
> +diff --git a/grub-core/lib/libtasn1/lib/element.c 
> b/grub-core/lib/libtasn1/lib/element.c
> +index d4c558e10..bc4c3c8d7 100644
> +--- a/grub-core/lib/libtasn1/lib/element.c
> ++++ b/grub-core/lib/libtasn1/lib/element.c
> +@@ -118,7 +118,7 @@ _asn1_convert_integer (const unsigned char *value, 
> unsigned char *value_out,
> +     value_out[k2 - k] = val[k2];
> +     }
> + 
> +-#if 0
> ++#if 0 /* GRUB SKIPPED IMPORTING */
> +   printf ("_asn1_convert_integer: valueIn=%s, lenOut=%d", value, *len);
> +   for (k = 0; k < SIZEOF_UNSIGNED_LONG_INT; k++)
> +     printf (", vOut[%d]=%d", k, value_out[k]);
> +@@ -191,7 +191,7 @@ _asn1_append_sequence_set (asn1_node node, struct 
> node_tail_cache_st *pcache)
> +   return ASN1_SUCCESS;
> + }
> + 
> +-
> ++#if 0
> + /**
> +  * asn1_write_value:
> +  * @node_root: pointer to a structure
> +@@ -646,7 +646,7 @@ asn1_write_value (asn1_node node_root, const char *name,
> + 
> +   return ASN1_SUCCESS;
> + }
> +-
> ++#endif
> + 
> + #define PUT_VALUE( ptr, ptr_size, data, data_size) \
> +     *len = data_size; \
> +diff --git a/grub-core/lib/libtasn1/lib/errors.c 
> b/grub-core/lib/libtasn1/lib/errors.c
> +index aef5dfe6f..2b2322152 100644
> +--- a/grub-core/lib/libtasn1/lib/errors.c
> ++++ b/grub-core/lib/libtasn1/lib/errors.c
> +@@ -57,6 +57,8 @@ static const libtasn1_error_entry error_algorithms[] = {
> +   {0, 0}
> + };
> + 
> ++
> ++#if 0 /* GRUB SKIPPED IMPORTING */
> + /**
> +  * asn1_perror:
> +  * @error: is an error returned by a libtasn1 function.
> +@@ -73,6 +75,7 @@ asn1_perror (int error)
> +   const char *str = asn1_strerror (error);
> +   fprintf (stderr, "LIBTASN1 ERROR: %s\n", str ? str : "(null)");
> + }
> ++#endif
> + 
> + /**
> +  * asn1_strerror:
> +diff --git a/grub-core/lib/libtasn1/lib/structure.c 
> b/grub-core/lib/libtasn1/lib/structure.c
> +index 512dd601f..f5a947d57 100644
> +--- a/grub-core/lib/libtasn1/lib/structure.c
> ++++ b/grub-core/lib/libtasn1/lib/structure.c
> +@@ -76,7 +76,7 @@ _asn1_find_left (asn1_node_const node)
> +   return node->left;
> + }
> + 
> +-
> ++#if 0 /* GRUB SKIPPED IMPORTING */
> + int
> + _asn1_create_static_structure (asn1_node_const pointer,
> +                            char *output_file_name, char *vector_name)
> +@@ -155,7 +155,7 @@ _asn1_create_static_structure (asn1_node_const pointer,
> + 
> +   return ASN1_SUCCESS;
> + }
> +-
> ++#endif
> + 
> + /**
> +  * asn1_array2tree:
> +@@ -721,7 +721,7 @@ asn1_create_element (asn1_node_const definitions, const 
> char *source_name,
> +   return res;
> + }
> + 
> +-
> ++#if 0 /* GRUB SKIPPED IMPORTING */
> + /**
> +  * asn1_print_structure:
> +  * @out: pointer to the output file (e.g. stdout).
> +@@ -1062,7 +1062,7 @@ asn1_print_structure (FILE * out, asn1_node_const 
> structure, const char *name,
> +     }
> +     }
> + }
> +-
> ++#endif
> + 
> + 
> + /**
> +@@ -1158,6 +1158,7 @@ asn1_find_structure_from_oid (asn1_node_const 
> definitions,
> +   return NULL;                      /* ASN1_ELEMENT_NOT_FOUND; */
> + }
> + 
> ++#if 0 /* GRUB SKIPPED IMPORTING */
> + /**
> +  * asn1_copy_node:
> +  * @dst: Destination asn1 node.
> +@@ -1207,6 +1208,7 @@ asn1_copy_node (asn1_node dst, const char *dst_name,
> + 
> +   return result;
> + }
> ++#endif
> + 
> + /**
> +  * asn1_dup_node:
> +diff --git a/include/grub/libtasn1.h b/include/grub/libtasn1.h
> +index 51cc7879f..058ab27b0 100644
> +--- a/include/grub/libtasn1.h
> ++++ b/include/grub/libtasn1.h
> +@@ -318,6 +318,8 @@ extern "C"
> + /*  Functions definitions          */
> + /***********************************/
> + 
> ++/* These functions are not used in grub and should not be referenced. */
> ++# if 0 /* GRUB SKIPPED IMPORTING */
> +   extern ASN1_API int
> +     asn1_parser2tree (const char *file,
> +                   asn1_node * definitions, char *error_desc);
> +@@ -326,14 +328,17 @@ extern "C"
> +     asn1_parser2array (const char *inputFileName,
> +                    const char *outputFileName,
> +                    const char *vectorName, char *error_desc);
> ++# endif
> + 
> +   extern ASN1_API int
> +     asn1_array2tree (const asn1_static_node * array,
> +                  asn1_node * definitions, char *errorDescription);
> + 
> ++# if 0 /* GRUB SKIPPED IMPORTING */
> +   extern ASN1_API void
> +     asn1_print_structure (FILE * out, asn1_node_const structure,
> +                       const char *name, int mode);
> ++# endif
> + 
> +   extern ASN1_API int
> +     asn1_create_element (asn1_node_const definitions,
> +@@ -347,9 +352,11 @@ extern "C"
> +   extern ASN1_API int
> +     asn1_delete_element (asn1_node structure, const char *element_name);
> + 
> ++# if 0 /* GRUB SKIPPED IMPORTING */
> +   extern ASN1_API int
> +     asn1_write_value (asn1_node node_root, const char *name,
> +                   const void *ivalue, int len);
> ++# endif
> + 
> +   extern ASN1_API int
> +     asn1_read_value (asn1_node_const root, const char *name,
> +@@ -366,9 +373,11 @@ extern "C"
> +     asn1_number_of_elements (asn1_node_const element, const char *name,
> +                          int *num);
> + 
> ++# if 0 /* GRUB SKIPPED IMPORTING */
> +   extern ASN1_API int
> +     asn1_der_coding (asn1_node_const element, const char *name,
> +                  void *ider, int *len, char *ErrorDescription);
> ++# endif
> + 
> +   extern ASN1_API int
> +     asn1_der_decoding2 (asn1_node * element, const void *ider,
> +@@ -379,6 +388,7 @@ extern "C"
> +     asn1_der_decoding (asn1_node * element, const void *ider,
> +                    int ider_len, char *errorDescription);
> + 
> ++# if 0 /* GRUB SKIPPED IMPORTING */
> + /* Do not use. Use asn1_der_decoding() instead. */
> +   extern ASN1_API int
> +     asn1_der_decoding_element (asn1_node * structure,
> +@@ -386,6 +396,7 @@ extern "C"
> +                            const void *ider, int len,
> +                            char *errorDescription)
> +     _ASN1_GCC_ATTR_DEPRECATED;
> ++# endif
> + 
> +   extern ASN1_API int
> +     asn1_der_decoding_startEnd (asn1_node element,
> +@@ -411,12 +422,16 @@ extern "C"
> +                                                         const char
> +                                                         *oidValue);
> + 
> ++# if 0 /* GRUB SKIPPED IMPORTING */
> +     __LIBTASN1_PURE__
> +     extern ASN1_API const char *asn1_check_version (const char 
> *req_version);
> ++# endif
> + 
> +   __LIBTASN1_PURE__ extern ASN1_API const char *asn1_strerror (int error);
> + 
> ++# if 0 /* GRUB SKIPPED IMPORTING */
> +   extern ASN1_API void asn1_perror (int error);
> ++# endif
> + 
> + # define ASN1_MAX_TAG_SIZE 4
> + # define ASN1_MAX_LENGTH_SIZE 9
> +-- 
> +2.35.3
> +
> diff --git 
> a/grub-core/lib/libtasn1-patches/0002-libtasn1-changes-for-grub-compatibility.patch
>  
> b/grub-core/lib/libtasn1-patches/0002-libtasn1-changes-for-grub-compatibility.patch
> new file mode 100644
> index 000000000..5ab885e91
> --- /dev/null
> +++ 
> b/grub-core/lib/libtasn1-patches/0002-libtasn1-changes-for-grub-compatibility.patch
> @@ -0,0 +1,135 @@
> +From d13793c210999b256b46970b5f76d41a57e5c8fc Mon Sep 17 00:00:00 2001
> +From: Daniel Axtens <dja@axtens.net>
> +Date: Fri, 1 May 2020 20:44:29 +1000
> +Subject: [PATCH 2/3] libtasn1: changes for grub compatibility
> +
> +Do a few things to make libtasn1 compile as part of grub:
> +
> + - remove _asn1_strcat and replace strcat with the bound-checked
> +   _asn1_str_cat except the one inside _asn1_str_cat. That strcat is
> +   replaced with strcpy.
> +
> + - adjust header paths in libtasn1.h
> +
> + - adjust header paths to "grub/libtasn1.h".
> +
> + - replace a 64 bit division with a call to grub_divmod64, preventing
> +   creation of __udivdi3 calls on 32 bit platforms.
> +
> +Cc: Vladimir Serbinenko <phcoder@gmail.com>
> +Signed-off-by: Daniel Axtens <dja@axtens.net>
> +Signed-off-by: Gary Lin <glin@suse.com>
> +---
> + grub-core/lib/libtasn1/lib/decoding.c   | 8 ++++----
> + grub-core/lib/libtasn1/lib/element.c    | 2 +-
> + grub-core/lib/libtasn1/lib/gstr.c       | 2 +-
> + grub-core/lib/libtasn1/lib/int.h        | 3 +--
> + grub-core/lib/libtasn1/lib/parser_aux.c | 2 +-
> + include/grub/libtasn1.h                 | 5 ++---
> + 6 files changed, 10 insertions(+), 12 deletions(-)
> +
> +diff --git a/grub-core/lib/libtasn1/lib/decoding.c 
> b/grub-core/lib/libtasn1/lib/decoding.c
> +index bf9cb13ac..51859fe36 100644
> +--- a/grub-core/lib/libtasn1/lib/decoding.c
> ++++ b/grub-core/lib/libtasn1/lib/decoding.c
> +@@ -2016,8 +2016,8 @@ asn1_expand_octet_string (asn1_node_const definitions, 
> asn1_node * element,
> +       (p2->type & CONST_ASSIGN))
> +     {
> +       strcpy (name, definitions->name);
> +-      strcat (name, ".");
> +-      strcat (name, p2->name);
> ++      _asn1_str_cat (name, sizeof (name), ".");
> ++      _asn1_str_cat (name, sizeof (name), p2->name);
> + 
> +       len = sizeof (value);
> +       result = asn1_read_value (definitions, name, value, &len);
> +@@ -2034,8 +2034,8 @@ asn1_expand_octet_string (asn1_node_const definitions, 
> asn1_node * element,
> +           if (p2)
> +             {
> +               strcpy (name, definitions->name);
> +-              strcat (name, ".");
> +-              strcat (name, p2->name);
> ++              _asn1_str_cat (name, sizeof (name), ".");
> ++              _asn1_str_cat (name, sizeof (name), p2->name);
> + 
> +               result = asn1_create_element (definitions, name, &aux);
> +               if (result == ASN1_SUCCESS)
> +diff --git a/grub-core/lib/libtasn1/lib/element.c 
> b/grub-core/lib/libtasn1/lib/element.c
> +index bc4c3c8d7..8694fecb9 100644
> +--- a/grub-core/lib/libtasn1/lib/element.c
> ++++ b/grub-core/lib/libtasn1/lib/element.c
> +@@ -688,7 +688,7 @@ asn1_write_value (asn1_node node_root, const char *name,
> +                 return ASN1_MEM_ERROR; \
> +         } else { \
> +                 /* this strcat is checked */ \
> +-                if (ptr) _asn1_strcat (ptr, data); \
> ++                if (ptr) _asn1_str_cat ((char *)ptr, ptr_size, (const char 
> *)data); \
> +         }
> + 
> + /**
> +diff --git a/grub-core/lib/libtasn1/lib/gstr.c 
> b/grub-core/lib/libtasn1/lib/gstr.c
> +index eef419554..a9c16f5d3 100644
> +--- a/grub-core/lib/libtasn1/lib/gstr.c
> ++++ b/grub-core/lib/libtasn1/lib/gstr.c
> +@@ -36,7 +36,7 @@ _asn1_str_cat (char *dest, size_t dest_tot_size, const 
> char *src)
> + 
> +   if (dest_tot_size - dest_size > str_size)
> +     {
> +-      strcat (dest, src);
> ++      strcpy (dest + dest_size, src);
> +     }
> +   else
> +     {
> +diff --git a/grub-core/lib/libtasn1/lib/int.h 
> b/grub-core/lib/libtasn1/lib/int.h
> +index d94d51c8c..7409c7655 100644
> +--- a/grub-core/lib/libtasn1/lib/int.h
> ++++ b/grub-core/lib/libtasn1/lib/int.h
> +@@ -35,7 +35,7 @@
> + #  include <sys/types.h>
> + # endif
> + 
> +-# include <libtasn1.h>
> ++# include "grub/libtasn1.h"
> + 
> + # define ASN1_SMALL_VALUE_SIZE 16
> + 
> +@@ -115,7 +115,6 @@ extern const tag_and_class_st _asn1_tags[];
> + # define _asn1_strtoul(n,e,b) strtoul((const char *) n, e, b)
> + # define _asn1_strcmp(a,b) strcmp((const char *)a, (const char *)b)
> + # define _asn1_strcpy(a,b) strcpy((char *)a, (const char *)b)
> +-# define _asn1_strcat(a,b) strcat((char *)a, (const char *)b)
> + 
> + # if SIZEOF_UNSIGNED_LONG_INT == 8
> + #  define _asn1_strtou64(n,e,b) strtoul((const char *) n, e, b)
> +diff --git a/grub-core/lib/libtasn1/lib/parser_aux.c 
> b/grub-core/lib/libtasn1/lib/parser_aux.c
> +index c05bd2339..e4e4c0556 100644
> +--- a/grub-core/lib/libtasn1/lib/parser_aux.c
> ++++ b/grub-core/lib/libtasn1/lib/parser_aux.c
> +@@ -632,7 +632,7 @@ _asn1_ltostr (int64_t v, char str[LTOSTR_MAX_SIZE])
> +   count = 0;
> +   do
> +     {
> +-      d = val / 10;
> ++      d = grub_divmod64(val, 10, NULL);
> +       r = val - d * 10;
> +       temp[start + count] = '0' + (char) r;
> +       count++;
> +diff --git a/include/grub/libtasn1.h b/include/grub/libtasn1.h
> +index 058ab27b0..7d64b6ab7 100644
> +--- a/include/grub/libtasn1.h
> ++++ b/include/grub/libtasn1.h
> +@@ -54,9 +54,8 @@
> + #  define __LIBTASN1_PURE__
> + # endif
> + 
> +-# include <sys/types.h>
> +-# include <time.h>
> +-# include <stdio.h>         /* for FILE* */
> ++# include <grub/types.h>
> ++# include <grub/time.h>
> + 
> + # ifdef __cplusplus
> + extern "C"
> +-- 
> +2.35.3
> +
> diff --git 
> a/grub-core/lib/libtasn1-patches/0003-libtasn1-fix-the-potential-buffer-overrun.patch
>  
> b/grub-core/lib/libtasn1-patches/0003-libtasn1-fix-the-potential-buffer-overrun.patch
> new file mode 100644
> index 000000000..2c4f4d394
> --- /dev/null
> +++ 
> b/grub-core/lib/libtasn1-patches/0003-libtasn1-fix-the-potential-buffer-overrun.patch
> @@ -0,0 +1,35 @@
> +From 8f7c3c3b28a312f77499159c52f313487fba0d08 Mon Sep 17 00:00:00 2001
> +From: Gary Lin <glin@suse.com>
> +Date: Mon, 8 Apr 2024 14:57:21 +0800
> +Subject: [PATCH 3/3] libtasn1: fix the potential buffer overrun
> +
> +In _asn1_tag_der(), the first while loop for the long form may end up
> +with a 'k' value with 'ASN1_MAX_TAG_SIZE' and cause the buffer overrun
> +in the second while loop. This commit tweaks the conditional check to
> +avoid producing a too large 'k'.
> +
> +This is a quick fix and may differ from the official upstream fix.
> +
> +libtasn1 issue: https://gitlab.com/gnutls/libtasn1/-/issues/49
> +
> +Signed-off-by: Gary Lin <glin@suse.com>
> +---
> + grub-core/lib/libtasn1/lib/coding.c | 2 +-
> + 1 file changed, 1 insertion(+), 1 deletion(-)
> +
> +diff --git a/grub-core/lib/libtasn1/lib/coding.c 
> b/grub-core/lib/libtasn1/lib/coding.c
> +index 5d03bca9d..0458829a5 100644
> +--- a/grub-core/lib/libtasn1/lib/coding.c
> ++++ b/grub-core/lib/libtasn1/lib/coding.c
> +@@ -143,7 +143,7 @@ _asn1_tag_der (unsigned char class, unsigned int 
> tag_value,
> +       temp[k++] = tag_value & 0x7F;
> +       tag_value >>= 7;
> + 
> +-      if (k > ASN1_MAX_TAG_SIZE - 1)
> ++      if (k >= ASN1_MAX_TAG_SIZE - 1)
> +         break;              /* will not encode larger tags */
> +     }
> +       *ans_len = k + 1;
> +-- 
> +2.35.3
> +



reply via email to

[Prev in Thread] Current Thread [Next in Thread]