From: Glenn Washburn <development@efficientek.com>
To: Gary Lin <glin@suse.com>
Cc: The development of GNU GRUB <grub-devel@gnu.org>,
Hernan Gatta <hegatta@linux.microsoft.com>,
Daniel Axtens <dja@axtens.net>,
Daniel Kiper <daniel.kiper@oracle.com>,
shkhisti@microsoft.com, jaskaran.khurana@microsoft.com,
christopher.co@microsoft.com, daniel.mihai@microsoft.com,
jaredz@redhat.com, jejb@linux.ibm.com, mchang@suse.com,
patrick.colp@oracle.com, Stefan Berger <stefanb@linux.ibm.com>,
Vladimir Serbinenko <phcoder@gmail.com>
Subject: Re: [PATCH v13 08/20] libtasn1: Add the documentation
Date: Sat, 27 Apr 2024 03:27:57 -0500 [thread overview]
Message-ID: <20240427032757.4f6e1207@crass-HP-ZBook-15-G2> (raw)
In-Reply-To: <20240425080206.23902-9-glin@suse.com>
On Thu, 25 Apr 2024 16:01:54 +0800
Gary Lin <glin@suse.com> wrote:
> Document libtasn1 in docs/grub-dev.texi and add the upgrade steps.
> Also add the patches to make libtasn1 compatible with grub code.
>
> Signed-off-by: Gary Lin <glin@suse.com>
> Reviewed-by: Vladimir Serbinenko <phcoder@gmail.com>
> ---
> docs/grub-dev.texi | 28 ++
> ...asn1-disable-code-not-needed-in-grub.patch | 320 ++++++++++++++++++
> ...tasn1-changes-for-grub-compatibility.patch | 135 ++++++++
> ...sn1-fix-the-potential-buffer-overrun.patch | 35 ++
> 4 files changed, 518 insertions(+)
> create mode 100644 grub-core/lib/libtasn1-patches/0001-libtasn1-disable-code-not-needed-in-grub.patch
> create mode 100644 grub-core/lib/libtasn1-patches/0002-libtasn1-changes-for-grub-compatibility.patch
> create mode 100644 grub-core/lib/libtasn1-patches/0003-libtasn1-fix-the-potential-buffer-overrun.patch
>
> diff --git a/docs/grub-dev.texi b/docs/grub-dev.texi
> index 1276c5930..36bf77883 100644
> --- a/docs/grub-dev.texi
> +++ b/docs/grub-dev.texi
> @@ -506,6 +506,7 @@ to update it.
> * Gnulib::
> * jsmn::
> * minilzo::
> +* libtasn1::
> @end menu
>
> @node Gnulib
> @@ -596,6 +597,33 @@ cp minilzo-2.10/*.[hc] grub-core/lib/minilzo
> rm -r minilzo-2.10*
> @end example
>
> +@node libtasn1
> +@section libtasn1
> +
> +libtasn1 is a library providing Abstract Syntax Notation One (ASN.1, as
> +specified by the X.680 ITU-T recommendation) parsing and structures management,
> +and Distinguished Encoding Rules (DER, as per X.690) encoding and decoding
> +functions.
> +
> +To upgrade to a new version of the libtasn1 library, download the release
> +tarball and copy the files into the target directory:
> +
> +@example
> +curl -L -O https://ftp.gnu.org/gnu/libtasn1/libtasn1-4.19.0.tar.gz
> +tar -zxf libtasn1-4.19.0.tar.gz
> +rm -r grub-core/lib/libtasn1/
> +mkdir libtasn1/lib
> +mkdir -p grub-core/lib/libtasn1/lib/
> +cp libtasn1-4.19.0/@lbracechar{}README.md,COPYING@rbracechar{} grub-core/lib/libtasn1/
> +cp libtasn1-4.19.0/lib/@lbracechar{}coding.c,decoding.c,element.c,element.h,errors.c,gstr.c,gstr.h,int.h,parser_aux.c,parser_aux.h,structure.c,structure.h@rbracechar{} grub-core/lib/libtasn1/lib/
> +cp libtasn1-4.19.0/lib/includes/libtasn1.h include/grub/
> +rm -rf libtasn1-4.19.0
> +@end example
> +
> +After upgrading the library, it is necessary to apply the patches in
s/is/may be/
> +@file{grub-core/lib/libtasn1-patches/} to adjust the code to be compatible with
> +grub.
Add after this sentence, I think its worth mentioning the following:
These patches were needed to use the current version of libtasn1. The
existing patches may not apply cleanly, apply at all, or even be
needed for a newer version of the library, and other patches maybe
needed due to changes in the newer version. If existing patches need
to be refreshed to apply cleanly, please include updated patches as
part of the a patch set sent to the list. If new patches are needed
or existing patches are not needed, also please send additions or
removals as part of any patch set upgrading libtasn1.
Glenn
> +
> @node Debugging
> @chapter Debugging
>
> diff --git a/grub-core/lib/libtasn1-patches/0001-libtasn1-disable-code-not-needed-in-grub.patch b/grub-core/lib/libtasn1-patches/0001-libtasn1-disable-code-not-needed-in-grub.patch
> new file mode 100644
> index 000000000..e3264409f
> --- /dev/null
> +++ b/grub-core/lib/libtasn1-patches/0001-libtasn1-disable-code-not-needed-in-grub.patch
> @@ -0,0 +1,320 @@
> +From 715f65934a120730316751536194ec5ed86aed9c Mon Sep 17 00:00:00 2001
> +From: Daniel Axtens <dja@axtens.net>
> +Date: Fri, 1 May 2020 17:12:23 +1000
> +Subject: [PATCH 1/3] libtasn1: disable code not needed in grub
> +
> +We don't expect to be able to write ASN.1, only read it,
> +so we can disable some code.
> +
> +Do that with #if 0/#endif, rather than deletion. This means
> +that the difference between upstream and grub is smaller,
> +which should make updating libtasn1 easier in the future.
> +
> +With these exclusions we also avoid the need for minmax.h,
> +which is convenient because it means we don't have to
> +import it from gnulib.
> +
> +Cc: Vladimir Serbinenko <phcoder@gmail.com>
> +Signed-off-by: Daniel Axtens <dja@axtens.net>
> +Signed-off-by: Gary Lin <glin@suse.com>
> +---
> + grub-core/lib/libtasn1/lib/coding.c | 12 ++++++++++--
> + grub-core/lib/libtasn1/lib/decoding.c | 2 ++
> + grub-core/lib/libtasn1/lib/element.c | 6 +++---
> + grub-core/lib/libtasn1/lib/errors.c | 3 +++
> + grub-core/lib/libtasn1/lib/structure.c | 10 ++++++----
> + include/grub/libtasn1.h | 15 +++++++++++++++
> + 6 files changed, 39 insertions(+), 9 deletions(-)
> +
> +diff --git a/grub-core/lib/libtasn1/lib/coding.c b/grub-core/lib/libtasn1/lib/coding.c
> +index ea5bc370e..5d03bca9d 100644
> +--- a/grub-core/lib/libtasn1/lib/coding.c
> ++++ b/grub-core/lib/libtasn1/lib/coding.c
> +@@ -30,11 +30,11 @@
> + #include "parser_aux.h"
> + #include <gstr.h>
> + #include "element.h"
> +-#include "minmax.h"
> + #include <structure.h>
> +
> + #define MAX_TAG_LEN 16
> +
> ++#if 0 /* GRUB SKIPPED IMPORTING */
> + /******************************************************/
> + /* Function : _asn1_error_description_value_not_found */
> + /* Description: creates the ErrorDescription string */
> +@@ -58,6 +58,7 @@ _asn1_error_description_value_not_found (asn1_node node,
> + Estrcat (ErrorDescription, "' not found");
> +
> + }
> ++#endif
> +
> + /**
> + * asn1_length_der:
> +@@ -244,6 +245,7 @@ asn1_encode_simple_der (unsigned int etype, const unsigned char *str,
> + return ASN1_SUCCESS;
> + }
> +
> ++#if 0 /* GRUB SKIPPED IMPORTING */
> + /******************************************************/
> + /* Function : _asn1_time_der */
> + /* Description: creates the DER coding for a TIME */
> +@@ -278,7 +280,7 @@ _asn1_time_der (unsigned char *str, int str_len, unsigned char *der,
> +
> + return ASN1_SUCCESS;
> + }
> +-
> ++#endif
> +
> + /*
> + void
> +@@ -519,6 +521,7 @@ asn1_bit_der (const unsigned char *str, int bit_len,
> + }
> +
> +
> ++#if 0 /* GRUB SKIPPED IMPORTING */
> + /******************************************************/
> + /* Function : _asn1_complete_explicit_tag */
> + /* Description: add the length coding to the EXPLICIT */
> +@@ -595,6 +598,7 @@ _asn1_complete_explicit_tag (asn1_node node, unsigned char *der,
> +
> + return ASN1_SUCCESS;
> + }
> ++#endif
> +
> + const tag_and_class_st _asn1_tags[] = {
> + [ASN1_ETYPE_GENERALSTRING] =
> +@@ -647,6 +651,8 @@ const tag_and_class_st _asn1_tags[] = {
> +
> + unsigned int _asn1_tags_size = sizeof (_asn1_tags) / sizeof (_asn1_tags[0]);
> +
> ++
> ++#if 0 /* GRUB SKIPPED IMPORTING */
> + /******************************************************/
> + /* Function : _asn1_insert_tag_der */
> + /* Description: creates the DER coding of tags of one */
> +@@ -1423,3 +1429,5 @@ error:
> + asn1_delete_structure (&node);
> + return err;
> + }
> ++
> ++#endif
> +diff --git a/grub-core/lib/libtasn1/lib/decoding.c b/grub-core/lib/libtasn1/lib/decoding.c
> +index b9245c486..bf9cb13ac 100644
> +--- a/grub-core/lib/libtasn1/lib/decoding.c
> ++++ b/grub-core/lib/libtasn1/lib/decoding.c
> +@@ -1620,6 +1620,7 @@ asn1_der_decoding (asn1_node * element, const void *ider, int ider_len,
> + return asn1_der_decoding2 (element, ider, &ider_len, 0, errorDescription);
> + }
> +
> ++#if 0 /* GRUB SKIPPED IMPORTING */
> + /**
> + * asn1_der_decoding_element:
> + * @structure: pointer to an ASN1 structure
> +@@ -1650,6 +1651,7 @@ asn1_der_decoding_element (asn1_node * structure, const char *elementName,
> + {
> + return asn1_der_decoding (structure, ider, len, errorDescription);
> + }
> ++#endif
> +
> + /**
> + * asn1_der_decoding_startEnd:
> +diff --git a/grub-core/lib/libtasn1/lib/element.c b/grub-core/lib/libtasn1/lib/element.c
> +index d4c558e10..bc4c3c8d7 100644
> +--- a/grub-core/lib/libtasn1/lib/element.c
> ++++ b/grub-core/lib/libtasn1/lib/element.c
> +@@ -118,7 +118,7 @@ _asn1_convert_integer (const unsigned char *value, unsigned char *value_out,
> + value_out[k2 - k] = val[k2];
> + }
> +
> +-#if 0
> ++#if 0 /* GRUB SKIPPED IMPORTING */
> + printf ("_asn1_convert_integer: valueIn=%s, lenOut=%d", value, *len);
> + for (k = 0; k < SIZEOF_UNSIGNED_LONG_INT; k++)
> + printf (", vOut[%d]=%d", k, value_out[k]);
> +@@ -191,7 +191,7 @@ _asn1_append_sequence_set (asn1_node node, struct node_tail_cache_st *pcache)
> + return ASN1_SUCCESS;
> + }
> +
> +-
> ++#if 0
> + /**
> + * asn1_write_value:
> + * @node_root: pointer to a structure
> +@@ -646,7 +646,7 @@ asn1_write_value (asn1_node node_root, const char *name,
> +
> + return ASN1_SUCCESS;
> + }
> +-
> ++#endif
> +
> + #define PUT_VALUE( ptr, ptr_size, data, data_size) \
> + *len = data_size; \
> +diff --git a/grub-core/lib/libtasn1/lib/errors.c b/grub-core/lib/libtasn1/lib/errors.c
> +index aef5dfe6f..2b2322152 100644
> +--- a/grub-core/lib/libtasn1/lib/errors.c
> ++++ b/grub-core/lib/libtasn1/lib/errors.c
> +@@ -57,6 +57,8 @@ static const libtasn1_error_entry error_algorithms[] = {
> + {0, 0}
> + };
> +
> ++
> ++#if 0 /* GRUB SKIPPED IMPORTING */
> + /**
> + * asn1_perror:
> + * @error: is an error returned by a libtasn1 function.
> +@@ -73,6 +75,7 @@ asn1_perror (int error)
> + const char *str = asn1_strerror (error);
> + fprintf (stderr, "LIBTASN1 ERROR: %s\n", str ? str : "(null)");
> + }
> ++#endif
> +
> + /**
> + * asn1_strerror:
> +diff --git a/grub-core/lib/libtasn1/lib/structure.c b/grub-core/lib/libtasn1/lib/structure.c
> +index 512dd601f..f5a947d57 100644
> +--- a/grub-core/lib/libtasn1/lib/structure.c
> ++++ b/grub-core/lib/libtasn1/lib/structure.c
> +@@ -76,7 +76,7 @@ _asn1_find_left (asn1_node_const node)
> + return node->left;
> + }
> +
> +-
> ++#if 0 /* GRUB SKIPPED IMPORTING */
> + int
> + _asn1_create_static_structure (asn1_node_const pointer,
> + char *output_file_name, char *vector_name)
> +@@ -155,7 +155,7 @@ _asn1_create_static_structure (asn1_node_const pointer,
> +
> + return ASN1_SUCCESS;
> + }
> +-
> ++#endif
> +
> + /**
> + * asn1_array2tree:
> +@@ -721,7 +721,7 @@ asn1_create_element (asn1_node_const definitions, const char *source_name,
> + return res;
> + }
> +
> +-
> ++#if 0 /* GRUB SKIPPED IMPORTING */
> + /**
> + * asn1_print_structure:
> + * @out: pointer to the output file (e.g. stdout).
> +@@ -1062,7 +1062,7 @@ asn1_print_structure (FILE * out, asn1_node_const structure, const char *name,
> + }
> + }
> + }
> +-
> ++#endif
> +
> +
> + /**
> +@@ -1158,6 +1158,7 @@ asn1_find_structure_from_oid (asn1_node_const definitions,
> + return NULL; /* ASN1_ELEMENT_NOT_FOUND; */
> + }
> +
> ++#if 0 /* GRUB SKIPPED IMPORTING */
> + /**
> + * asn1_copy_node:
> + * @dst: Destination asn1 node.
> +@@ -1207,6 +1208,7 @@ asn1_copy_node (asn1_node dst, const char *dst_name,
> +
> + return result;
> + }
> ++#endif
> +
> + /**
> + * asn1_dup_node:
> +diff --git a/include/grub/libtasn1.h b/include/grub/libtasn1.h
> +index 51cc7879f..058ab27b0 100644
> +--- a/include/grub/libtasn1.h
> ++++ b/include/grub/libtasn1.h
> +@@ -318,6 +318,8 @@ extern "C"
> + /* Functions definitions */
> + /***********************************/
> +
> ++/* These functions are not used in grub and should not be referenced. */
> ++# if 0 /* GRUB SKIPPED IMPORTING */
> + extern ASN1_API int
> + asn1_parser2tree (const char *file,
> + asn1_node * definitions, char *error_desc);
> +@@ -326,14 +328,17 @@ extern "C"
> + asn1_parser2array (const char *inputFileName,
> + const char *outputFileName,
> + const char *vectorName, char *error_desc);
> ++# endif
> +
> + extern ASN1_API int
> + asn1_array2tree (const asn1_static_node * array,
> + asn1_node * definitions, char *errorDescription);
> +
> ++# if 0 /* GRUB SKIPPED IMPORTING */
> + extern ASN1_API void
> + asn1_print_structure (FILE * out, asn1_node_const structure,
> + const char *name, int mode);
> ++# endif
> +
> + extern ASN1_API int
> + asn1_create_element (asn1_node_const definitions,
> +@@ -347,9 +352,11 @@ extern "C"
> + extern ASN1_API int
> + asn1_delete_element (asn1_node structure, const char *element_name);
> +
> ++# if 0 /* GRUB SKIPPED IMPORTING */
> + extern ASN1_API int
> + asn1_write_value (asn1_node node_root, const char *name,
> + const void *ivalue, int len);
> ++# endif
> +
> + extern ASN1_API int
> + asn1_read_value (asn1_node_const root, const char *name,
> +@@ -366,9 +373,11 @@ extern "C"
> + asn1_number_of_elements (asn1_node_const element, const char *name,
> + int *num);
> +
> ++# if 0 /* GRUB SKIPPED IMPORTING */
> + extern ASN1_API int
> + asn1_der_coding (asn1_node_const element, const char *name,
> + void *ider, int *len, char *ErrorDescription);
> ++# endif
> +
> + extern ASN1_API int
> + asn1_der_decoding2 (asn1_node * element, const void *ider,
> +@@ -379,6 +388,7 @@ extern "C"
> + asn1_der_decoding (asn1_node * element, const void *ider,
> + int ider_len, char *errorDescription);
> +
> ++# if 0 /* GRUB SKIPPED IMPORTING */
> + /* Do not use. Use asn1_der_decoding() instead. */
> + extern ASN1_API int
> + asn1_der_decoding_element (asn1_node * structure,
> +@@ -386,6 +396,7 @@ extern "C"
> + const void *ider, int len,
> + char *errorDescription)
> + _ASN1_GCC_ATTR_DEPRECATED;
> ++# endif
> +
> + extern ASN1_API int
> + asn1_der_decoding_startEnd (asn1_node element,
> +@@ -411,12 +422,16 @@ extern "C"
> + const char
> + *oidValue);
> +
> ++# if 0 /* GRUB SKIPPED IMPORTING */
> + __LIBTASN1_PURE__
> + extern ASN1_API const char *asn1_check_version (const char *req_version);
> ++# endif
> +
> + __LIBTASN1_PURE__ extern ASN1_API const char *asn1_strerror (int error);
> +
> ++# if 0 /* GRUB SKIPPED IMPORTING */
> + extern ASN1_API void asn1_perror (int error);
> ++# endif
> +
> + # define ASN1_MAX_TAG_SIZE 4
> + # define ASN1_MAX_LENGTH_SIZE 9
> +--
> +2.35.3
> +
> diff --git a/grub-core/lib/libtasn1-patches/0002-libtasn1-changes-for-grub-compatibility.patch b/grub-core/lib/libtasn1-patches/0002-libtasn1-changes-for-grub-compatibility.patch
> new file mode 100644
> index 000000000..5ab885e91
> --- /dev/null
> +++ b/grub-core/lib/libtasn1-patches/0002-libtasn1-changes-for-grub-compatibility.patch
> @@ -0,0 +1,135 @@
> +From d13793c210999b256b46970b5f76d41a57e5c8fc Mon Sep 17 00:00:00 2001
> +From: Daniel Axtens <dja@axtens.net>
> +Date: Fri, 1 May 2020 20:44:29 +1000
> +Subject: [PATCH 2/3] libtasn1: changes for grub compatibility
> +
> +Do a few things to make libtasn1 compile as part of grub:
> +
> + - remove _asn1_strcat and replace strcat with the bound-checked
> + _asn1_str_cat except the one inside _asn1_str_cat. That strcat is
> + replaced with strcpy.
> +
> + - adjust header paths in libtasn1.h
> +
> + - adjust header paths to "grub/libtasn1.h".
> +
> + - replace a 64 bit division with a call to grub_divmod64, preventing
> + creation of __udivdi3 calls on 32 bit platforms.
> +
> +Cc: Vladimir Serbinenko <phcoder@gmail.com>
> +Signed-off-by: Daniel Axtens <dja@axtens.net>
> +Signed-off-by: Gary Lin <glin@suse.com>
> +---
> + grub-core/lib/libtasn1/lib/decoding.c | 8 ++++----
> + grub-core/lib/libtasn1/lib/element.c | 2 +-
> + grub-core/lib/libtasn1/lib/gstr.c | 2 +-
> + grub-core/lib/libtasn1/lib/int.h | 3 +--
> + grub-core/lib/libtasn1/lib/parser_aux.c | 2 +-
> + include/grub/libtasn1.h | 5 ++---
> + 6 files changed, 10 insertions(+), 12 deletions(-)
> +
> +diff --git a/grub-core/lib/libtasn1/lib/decoding.c b/grub-core/lib/libtasn1/lib/decoding.c
> +index bf9cb13ac..51859fe36 100644
> +--- a/grub-core/lib/libtasn1/lib/decoding.c
> ++++ b/grub-core/lib/libtasn1/lib/decoding.c
> +@@ -2016,8 +2016,8 @@ asn1_expand_octet_string (asn1_node_const definitions, asn1_node * element,
> + (p2->type & CONST_ASSIGN))
> + {
> + strcpy (name, definitions->name);
> +- strcat (name, ".");
> +- strcat (name, p2->name);
> ++ _asn1_str_cat (name, sizeof (name), ".");
> ++ _asn1_str_cat (name, sizeof (name), p2->name);
> +
> + len = sizeof (value);
> + result = asn1_read_value (definitions, name, value, &len);
> +@@ -2034,8 +2034,8 @@ asn1_expand_octet_string (asn1_node_const definitions, asn1_node * element,
> + if (p2)
> + {
> + strcpy (name, definitions->name);
> +- strcat (name, ".");
> +- strcat (name, p2->name);
> ++ _asn1_str_cat (name, sizeof (name), ".");
> ++ _asn1_str_cat (name, sizeof (name), p2->name);
> +
> + result = asn1_create_element (definitions, name, &aux);
> + if (result == ASN1_SUCCESS)
> +diff --git a/grub-core/lib/libtasn1/lib/element.c b/grub-core/lib/libtasn1/lib/element.c
> +index bc4c3c8d7..8694fecb9 100644
> +--- a/grub-core/lib/libtasn1/lib/element.c
> ++++ b/grub-core/lib/libtasn1/lib/element.c
> +@@ -688,7 +688,7 @@ asn1_write_value (asn1_node node_root, const char *name,
> + return ASN1_MEM_ERROR; \
> + } else { \
> + /* this strcat is checked */ \
> +- if (ptr) _asn1_strcat (ptr, data); \
> ++ if (ptr) _asn1_str_cat ((char *)ptr, ptr_size, (const char *)data); \
> + }
> +
> + /**
> +diff --git a/grub-core/lib/libtasn1/lib/gstr.c b/grub-core/lib/libtasn1/lib/gstr.c
> +index eef419554..a9c16f5d3 100644
> +--- a/grub-core/lib/libtasn1/lib/gstr.c
> ++++ b/grub-core/lib/libtasn1/lib/gstr.c
> +@@ -36,7 +36,7 @@ _asn1_str_cat (char *dest, size_t dest_tot_size, const char *src)
> +
> + if (dest_tot_size - dest_size > str_size)
> + {
> +- strcat (dest, src);
> ++ strcpy (dest + dest_size, src);
> + }
> + else
> + {
> +diff --git a/grub-core/lib/libtasn1/lib/int.h b/grub-core/lib/libtasn1/lib/int.h
> +index d94d51c8c..7409c7655 100644
> +--- a/grub-core/lib/libtasn1/lib/int.h
> ++++ b/grub-core/lib/libtasn1/lib/int.h
> +@@ -35,7 +35,7 @@
> + # include <sys/types.h>
> + # endif
> +
> +-# include <libtasn1.h>
> ++# include "grub/libtasn1.h"
> +
> + # define ASN1_SMALL_VALUE_SIZE 16
> +
> +@@ -115,7 +115,6 @@ extern const tag_and_class_st _asn1_tags[];
> + # define _asn1_strtoul(n,e,b) strtoul((const char *) n, e, b)
> + # define _asn1_strcmp(a,b) strcmp((const char *)a, (const char *)b)
> + # define _asn1_strcpy(a,b) strcpy((char *)a, (const char *)b)
> +-# define _asn1_strcat(a,b) strcat((char *)a, (const char *)b)
> +
> + # if SIZEOF_UNSIGNED_LONG_INT == 8
> + # define _asn1_strtou64(n,e,b) strtoul((const char *) n, e, b)
> +diff --git a/grub-core/lib/libtasn1/lib/parser_aux.c b/grub-core/lib/libtasn1/lib/parser_aux.c
> +index c05bd2339..e4e4c0556 100644
> +--- a/grub-core/lib/libtasn1/lib/parser_aux.c
> ++++ b/grub-core/lib/libtasn1/lib/parser_aux.c
> +@@ -632,7 +632,7 @@ _asn1_ltostr (int64_t v, char str[LTOSTR_MAX_SIZE])
> + count = 0;
> + do
> + {
> +- d = val / 10;
> ++ d = grub_divmod64(val, 10, NULL);
> + r = val - d * 10;
> + temp[start + count] = '0' + (char) r;
> + count++;
> +diff --git a/include/grub/libtasn1.h b/include/grub/libtasn1.h
> +index 058ab27b0..7d64b6ab7 100644
> +--- a/include/grub/libtasn1.h
> ++++ b/include/grub/libtasn1.h
> +@@ -54,9 +54,8 @@
> + # define __LIBTASN1_PURE__
> + # endif
> +
> +-# include <sys/types.h>
> +-# include <time.h>
> +-# include <stdio.h> /* for FILE* */
> ++# include <grub/types.h>
> ++# include <grub/time.h>
> +
> + # ifdef __cplusplus
> + extern "C"
> +--
> +2.35.3
> +
> diff --git a/grub-core/lib/libtasn1-patches/0003-libtasn1-fix-the-potential-buffer-overrun.patch b/grub-core/lib/libtasn1-patches/0003-libtasn1-fix-the-potential-buffer-overrun.patch
> new file mode 100644
> index 000000000..2c4f4d394
> --- /dev/null
> +++ b/grub-core/lib/libtasn1-patches/0003-libtasn1-fix-the-potential-buffer-overrun.patch
> @@ -0,0 +1,35 @@
> +From 8f7c3c3b28a312f77499159c52f313487fba0d08 Mon Sep 17 00:00:00 2001
> +From: Gary Lin <glin@suse.com>
> +Date: Mon, 8 Apr 2024 14:57:21 +0800
> +Subject: [PATCH 3/3] libtasn1: fix the potential buffer overrun
> +
> +In _asn1_tag_der(), the first while loop for the long form may end up
> +with a 'k' value with 'ASN1_MAX_TAG_SIZE' and cause the buffer overrun
> +in the second while loop. This commit tweaks the conditional check to
> +avoid producing a too large 'k'.
> +
> +This is a quick fix and may differ from the official upstream fix.
> +
> +libtasn1 issue: https://gitlab.com/gnutls/libtasn1/-/issues/49
> +
> +Signed-off-by: Gary Lin <glin@suse.com>
> +---
> + grub-core/lib/libtasn1/lib/coding.c | 2 +-
> + 1 file changed, 1 insertion(+), 1 deletion(-)
> +
> +diff --git a/grub-core/lib/libtasn1/lib/coding.c b/grub-core/lib/libtasn1/lib/coding.c
> +index 5d03bca9d..0458829a5 100644
> +--- a/grub-core/lib/libtasn1/lib/coding.c
> ++++ b/grub-core/lib/libtasn1/lib/coding.c
> +@@ -143,7 +143,7 @@ _asn1_tag_der (unsigned char class, unsigned int tag_value,
> + temp[k++] = tag_value & 0x7F;
> + tag_value >>= 7;
> +
> +- if (k > ASN1_MAX_TAG_SIZE - 1)
> ++ if (k >= ASN1_MAX_TAG_SIZE - 1)
> + break; /* will not encode larger tags */
> + }
> + *ans_len = k + 1;
> +--
> +2.35.3
> +
_______________________________________________
Grub-devel mailing list
Grub-devel@gnu.org
https://lists.gnu.org/mailman/listinfo/grub-devel
next prev parent reply other threads:[~2024-04-27 8:28 UTC|newest]
Thread overview: 27+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-04-25 8:01 [PATCH v13 00/20] Automatic Disk Unlock with TPM2 Gary Lin via Grub-devel
2024-04-25 8:01 ` [PATCH v13 01/20] posix_wrap: tweaks in preparation for libtasn1 Gary Lin via Grub-devel
2024-04-25 8:01 ` [PATCH v13 02/20] libtasn1: import libtasn1-4.19.0 Gary Lin via Grub-devel
2024-04-25 8:01 ` [PATCH v13 03/20] libtasn1: disable code not needed in grub Gary Lin via Grub-devel
2024-04-25 8:01 ` [PATCH v13 04/20] libtasn1: changes for grub compatibility Gary Lin via Grub-devel
2024-04-30 13:14 ` Stefan Berger
2024-04-25 8:01 ` [PATCH v13 05/20] libtasn1: fix the potential buffer overrun Gary Lin via Grub-devel
2024-04-25 8:01 ` [PATCH v13 06/20] libtasn1: compile into asn1 module Gary Lin via Grub-devel
2024-04-25 8:01 ` [PATCH v13 07/20] asn1_test: test module for libtasn1 Gary Lin via Grub-devel
2024-04-25 8:01 ` [PATCH v13 08/20] libtasn1: Add the documentation Gary Lin via Grub-devel
2024-04-27 8:27 ` Glenn Washburn [this message]
2024-04-29 6:21 ` Gary Lin via Grub-devel
2024-04-25 8:01 ` [PATCH v13 09/20] key_protector: Add key protectors framework Gary Lin via Grub-devel
2024-04-25 8:01 ` [PATCH v13 10/20] tpm2: Add TPM Software Stack (TSS) Gary Lin via Grub-devel
2024-04-25 8:01 ` [PATCH v13 11/20] key_protector: Add TPM2 Key Protector Gary Lin via Grub-devel
2024-04-25 8:01 ` [PATCH v13 12/20] cryptodisk: Support key protectors Gary Lin via Grub-devel
2024-04-25 8:01 ` [PATCH v13 13/20] util/grub-protect: Add new tool Gary Lin via Grub-devel
2024-04-25 8:02 ` [PATCH v13 14/20] tpm2: Support authorized policy Gary Lin via Grub-devel
2024-04-25 8:02 ` [PATCH v13 15/20] tpm2: Implement NV index Gary Lin via Grub-devel
2024-04-25 8:02 ` [PATCH v13 16/20] cryptodisk: Fallback to passphrase Gary Lin via Grub-devel
2024-04-25 8:02 ` [PATCH v13 17/20] cryptodisk: wipe out the cached keys from protectors Gary Lin via Grub-devel
2024-04-25 8:02 ` [PATCH v13 18/20] diskfilter: look up cryptodisk devices first Gary Lin via Grub-devel
2024-04-25 8:02 ` [PATCH v13 19/20] tpm2: Enable tpm2 module for grub-emu Gary Lin via Grub-devel
2024-04-25 8:02 ` [PATCH v13 20/20] tests: Add tpm2_test Gary Lin via Grub-devel
2024-04-26 22:18 ` Glenn Washburn
2024-04-29 8:10 ` Gary Lin via Grub-devel
2024-04-30 8:09 ` Gary Lin via Grub-devel
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20240427032757.4f6e1207@crass-HP-ZBook-15-G2 \
--to=development@efficientek.com \
--cc=christopher.co@microsoft.com \
--cc=daniel.kiper@oracle.com \
--cc=daniel.mihai@microsoft.com \
--cc=dja@axtens.net \
--cc=glin@suse.com \
--cc=grub-devel@gnu.org \
--cc=hegatta@linux.microsoft.com \
--cc=jaredz@redhat.com \
--cc=jaskaran.khurana@microsoft.com \
--cc=jejb@linux.ibm.com \
--cc=mchang@suse.com \
--cc=patrick.colp@oracle.com \
--cc=phcoder@gmail.com \
--cc=shkhisti@microsoft.com \
--cc=stefanb@linux.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.