grub-devel
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[PATCH v15 05/20] libtasn1: fix the potential buffer overrun


From: Gary Lin
Subject: [PATCH v15 05/20] libtasn1: fix the potential buffer overrun
Date: Fri, 10 May 2024 14:34:53 +0800

In _asn1_tag_der(), the first while loop for the long form may end up
with a 'k' value with 'ASN1_MAX_TAG_SIZE' and cause the buffer overrun
in the second while loop. This commit tweaks the conditional check to
avoid producing a too large 'k'.

This is a quick fix and may differ from the official upstream fix.

libtasn1 issue: https://gitlab.com/gnutls/libtasn1/-/issues/49

Signed-off-by: Gary Lin <glin@suse.com>
---
 grub-core/lib/libtasn1/lib/coding.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/grub-core/lib/libtasn1/lib/coding.c 
b/grub-core/lib/libtasn1/lib/coding.c
index 5d03bca9d..0458829a5 100644
--- a/grub-core/lib/libtasn1/lib/coding.c
+++ b/grub-core/lib/libtasn1/lib/coding.c
@@ -143,7 +143,7 @@ _asn1_tag_der (unsigned char class, unsigned int tag_value,
          temp[k++] = tag_value & 0x7F;
          tag_value >>= 7;
 
-         if (k > ASN1_MAX_TAG_SIZE - 1)
+         if (k >= ASN1_MAX_TAG_SIZE - 1)
            break;              /* will not encode larger tags */
        }
       *ans_len = k + 1;
-- 
2.35.3




reply via email to

[Prev in Thread] Current Thread [Next in Thread]