On Thu, Apr 04, 2024 at 11:03:47PM +0200, Daniel Kiper wrote:
> On Thu, Mar 07, 2024 at 04:59:05PM +0800, Gary Lin via Grub-devel wrote:
> > On Thu, Feb 08, 2024 at 08:58:43PM +0100, Daniel Kiper wrote:
> > > Hey,
> > >
> > --8<--
> > >
> > > And I have attached the Coverity report. All issues reported there have
> > > to be fixed. If you cannot fix an issue you have to explain why you
> > > cannot do that and what is potential impact on the code stability,
> > > security, etc.
> > >
> > I have gone through all the Coverity issues. There are 6 issues in the
> > TPM2 stack and the utility:
>
> [...]
>
> Any progress on this? You are blocking another patch set which depends
> on some code which you introduce. If there is no progress here I will
> ask an author of the other patch set to resume the work and queue your
> patch set as a second one to merge.
>
I was waiting for upstream fix for CID 435762(*). It can be fixed by
tweaking an if statement slightly but upstream prefers code refactoring
to remove the loops. Anyway, the only potentially vulnerable call path
is disabled in my patch set, so we can choose to leave the issue for the
later update or just apply a quick fix.

Cheers,

Gary Lin

(*) https://gitlab.com/gnutls/libtasn1/-/issues/49