From: Gary Lin via Grub-devel <grub-devel@gnu.org>
To: The development of GNU GRUB <grub-devel@gnu.org>
Cc: Gary Lin <glin@suse.com>, Daniel Kiper <daniel.kiper@oracle.com>,
	Hernan Gatta <hegatta@linux.microsoft.com>,
	Daniel Axtens <dja@axtens.net>,
	shkhisti@microsoft.com, jaskaran.khurana@microsoft.com,
	christopher.co@microsoft.com, daniel.mihai@microsoft.com,
	jaredz@redhat.com, development@efficientek.com,
	jejb@linux.ibm.com, mchang@suse.com, patrick.colp@oracle.com,
	Stefan Berger <stefanb@linux.ibm.com>,
	Vladimir Serbinenko <phcoder@gmail.com>
Subject: [PATCH v19 08/33] libtasn1: fix the potential buffer overrun
Date: Fri,  6 Sep 2024 17:11:00 +0800
Message-ID: <20240906091125.11570-9-glin@suse.com>
In-Reply-To: <20240906091125.11570-1-glin@suse.com>

In _asn1_tag_der(), the first while loop for the long form may end up
with a 'k' value with 'ASN1_MAX_TAG_SIZE' and cause the buffer overrun
in the second while loop. This commit tweaks the conditional check to
avoid producing a too large 'k'.

This is a quick fix and may differ from the official upstream fix.

libtasn1 issue: https://gitlab.com/gnutls/libtasn1/-/issues/49

Signed-off-by: Gary Lin <glin@suse.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
---
 ...sn1-fix-the-potential-buffer-overrun.patch | 36 +++++++++++++++++++
 1 file changed, 36 insertions(+)
 create mode 100644 grub-core/lib/libtasn1-patches/0006-libtasn1-fix-the-potential-buffer-overrun.patch

diff --git a/grub-core/lib/libtasn1-patches/0006-libtasn1-fix-the-potential-buffer-overrun.patch b/grub-core/lib/libtasn1-patches/0006-libtasn1-fix-the-potential-buffer-overrun.patch
new file mode 100644
index 000000000..c7c995565
--- /dev/null
+++ b/grub-core/lib/libtasn1-patches/0006-libtasn1-fix-the-potential-buffer-overrun.patch
@@ -0,0 +1,36 @@
+From 66f5485a9b4ea02f7d2796c5f245fcbf7c88b390 Mon Sep 17 00:00:00 2001
+From: Gary Lin <glin@suse.com>
+Date: Mon, 8 Apr 2024 14:57:21 +0800
+Subject: [PATCH 06/12] libtasn1: fix the potential buffer overrun
+
+In _asn1_tag_der(), the first while loop for the long form may end up
+with a 'k' value with 'ASN1_MAX_TAG_SIZE' and cause the buffer overrun
+in the second while loop. This commit tweaks the conditional check to
+avoid producing a too large 'k'.
+
+This is a quick fix and may differ from the official upstream fix.
+
+libtasn1 issue: https://gitlab.com/gnutls/libtasn1/-/issues/49
+
+Signed-off-by: Gary Lin <glin@suse.com>
+Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
+---
+ grub-core/lib/libtasn1-grub/lib/coding.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/grub-core/lib/libtasn1-grub/lib/coding.c b/grub-core/lib/libtasn1-grub/lib/coding.c
+index 5d03bca9d..0458829a5 100644
+--- a/grub-core/lib/libtasn1-grub/lib/coding.c
++++ b/grub-core/lib/libtasn1-grub/lib/coding.c
+@@ -143,7 +143,7 @@ _asn1_tag_der (unsigned char class, unsigned int tag_value,
+ 	  temp[k++] = tag_value & 0x7F;
+ 	  tag_value >>= 7;
+ 
+-	  if (k > ASN1_MAX_TAG_SIZE - 1)
++	  if (k >= ASN1_MAX_TAG_SIZE - 1)
+ 	    break;		/* will not encode larger tags */
+ 	}
+       *ans_len = k + 1;
+-- 
+2.35.3
+
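Review bot: in the coding.c hunk, the tightened check `if (k >= ASN1_MAX_TAG_SIZE - 1)` still leaves the loop through a bare `break`, and the following line sets `*ans_len = k + 1` as if the tag had been encoded in full; if `tag_value` is still non-zero at that point, nothing in the visible lines tells the caller that the tag was cut short. Consider signalling that condition to the caller, or at least documenting the truncation next to the `/* will not encode larger tags */` comment. A short comment on why the bound is `ASN1_MAX_TAG_SIZE - 1` would also help: the `k + 1` suggests one more octet is emitted besides the `k` collected in `temp`, but neither the hunk nor the commit message states the sizes of `temp` and the output buffer, so the off-by-one cannot be verified from the patch alone. Since the message says this quick fix may differ from the official upstream fix, a note to revisit it once libtasn1 issue 49 is resolved would keep the imported copy from drifting.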
-- 
2.35.3

