On Sat, Apr 27, 2024 at 03:27:57AM -0500, Glenn Washburn wrote: > On Thu, 25 Apr 2024 16:01:54 +0800 > Gary Lin <g...@suse.com> wrote: > > > Document libtasn1 in docs/grub-dev.texi and add the upgrade steps. > > Also add the patches to make libtasn1 compatible with grub code. > > > > Signed-off-by: Gary Lin <g...@suse.com> > > Reviewed-by: Vladimir Serbinenko <phco...@gmail.com> > > --- > > docs/grub-dev.texi | 28 ++ > > ...asn1-disable-code-not-needed-in-grub.patch | 320 ++++++++++++++++++ > > ...tasn1-changes-for-grub-compatibility.patch | 135 ++++++++ > > ...sn1-fix-the-potential-buffer-overrun.patch | 35 ++ > > 4 files changed, 518 insertions(+) > > create mode 100644 > > grub-core/lib/libtasn1-patches/0001-libtasn1-disable-code-not-needed-in-grub.patch > > create mode 100644 > > grub-core/lib/libtasn1-patches/0002-libtasn1-changes-for-grub-compatibility.patch > > create mode 100644 > > grub-core/lib/libtasn1-patches/0003-libtasn1-fix-the-potential-buffer-overrun.patch > > > > diff --git a/docs/grub-dev.texi b/docs/grub-dev.texi > > index 1276c5930..36bf77883 100644 > > --- a/docs/grub-dev.texi > > +++ b/docs/grub-dev.texi > > @@ -506,6 +506,7 @@ to update it. > > * Gnulib:: > > * jsmn:: > > * minilzo:: > > +* libtasn1:: > > @end menu > > > > @node Gnulib > > @@ -596,6 +597,33 @@ cp minilzo-2.10/*.[hc] grub-core/lib/minilzo > > rm -r minilzo-2.10* > > @end example > > > > +@node libtasn1 > > +@section libtasn1 > > + > > +libtasn1 is a library providing Abstract Syntax Notation One (ASN.1, as > > +specified by the X.680 ITU-T recommendation) parsing and structures > > management, > > +and Distinguished Encoding Rules (DER, as per X.690) encoding and decoding > > +functions. > > + > > +To upgrade to a new version of the libtasn1 library, download the release > > +tarball and copy the files into the target directory: > > + > > +@example > > +curl -L -O https://ftp.gnu.org/gnu/libtasn1/libtasn1-4.19.0.tar.gz > > +tar -zxf libtasn1-4.19.0.tar.gz > > +rm -r grub-core/lib/libtasn1/ > > +mkdir libtasn1/lib > > +mkdir -p grub-core/lib/libtasn1/lib/ > > +cp libtasn1-4.19.0/@lbracechar{}README.md,COPYING@rbracechar{} > > grub-core/lib/libtasn1/ > > +cp > > libtasn1-4.19.0/lib/@lbracechar{}coding.c,decoding.c,element.c,element.h,errors.c,gstr.c,gstr.h,int.h,parser_aux.c,parser_aux.h,structure.c,structure.h@rbracechar{} > > grub-core/lib/libtasn1/lib/ > > +cp libtasn1-4.19.0/lib/includes/libtasn1.h include/grub/ > > +rm -rf libtasn1-4.19.0 > > +@end example > > + > > +After upgrading the library, it is necessary to apply the patches in > > s/is/may be/ > > > +@file{grub-core/lib/libtasn1-patches/} to adjust the code to be compatible > > with > > +grub. > > Add after this sentence, I think its worth mentioning the following: > > These patches were needed to use the current version of libtasn1. The > existing patches may not apply cleanly, apply at all, or even be > needed for a newer version of the library, and other patches maybe > needed due to changes in the newer version. If existing patches need > to be refreshed to apply cleanly, please include updated patches as > part of the a patch set sent to the list. If new patches are needed > or existing patches are not needed, also please send additions or > removals as part of any patch set upgrading libtasn1. > Thanks for the suggestion. This is a nice reminder for anyone who wants to update libtasn1 later. Will add them to v14.
Gary Lin > Glenn > > > + > > @node Debugging > > @chapter Debugging > > > > diff --git > > a/grub-core/lib/libtasn1-patches/0001-libtasn1-disable-code-not-needed-in-grub.patch > > > > b/grub-core/lib/libtasn1-patches/0001-libtasn1-disable-code-not-needed-in-grub.patch > > new file mode 100644 > > index 000000000..e3264409f > > --- /dev/null > > +++ > > b/grub-core/lib/libtasn1-patches/0001-libtasn1-disable-code-not-needed-in-grub.patch > > @@ -0,0 +1,320 @@ > > +From 715f65934a120730316751536194ec5ed86aed9c Mon Sep 17 00:00:00 2001 > > +From: Daniel Axtens <d...@axtens.net> > > +Date: Fri, 1 May 2020 17:12:23 +1000 > > +Subject: [PATCH 1/3] libtasn1: disable code not needed in grub > > + > > +We don't expect to be able to write ASN.1, only read it, > > +so we can disable some code. > > + > > +Do that with #if 0/#endif, rather than deletion. This means > > +that the difference between upstream and grub is smaller, > > +which should make updating libtasn1 easier in the future. > > + > > +With these exclusions we also avoid the need for minmax.h, > > +which is convenient because it means we don't have to > > +import it from gnulib. > > + > > +Cc: Vladimir Serbinenko <phco...@gmail.com> > > +Signed-off-by: Daniel Axtens <d...@axtens.net> > > +Signed-off-by: Gary Lin <g...@suse.com> > > +--- > > + grub-core/lib/libtasn1/lib/coding.c | 12 ++++++++++-- > > + grub-core/lib/libtasn1/lib/decoding.c | 2 ++ > > + grub-core/lib/libtasn1/lib/element.c | 6 +++--- > > + grub-core/lib/libtasn1/lib/errors.c | 3 +++ > > + grub-core/lib/libtasn1/lib/structure.c | 10 ++++++---- > > + include/grub/libtasn1.h | 15 +++++++++++++++ > > + 6 files changed, 39 insertions(+), 9 deletions(-) > > + > > +diff --git a/grub-core/lib/libtasn1/lib/coding.c > > b/grub-core/lib/libtasn1/lib/coding.c > > +index ea5bc370e..5d03bca9d 100644 > > +--- a/grub-core/lib/libtasn1/lib/coding.c > > ++++ b/grub-core/lib/libtasn1/lib/coding.c > > +@@ -30,11 +30,11 @@ > > + #include "parser_aux.h" > > + #include <gstr.h> > > + #include "element.h" > > +-#include "minmax.h" > > + #include <structure.h> > > + > > + #define MAX_TAG_LEN 16 > > + > > ++#if 0 /* GRUB SKIPPED IMPORTING */ > > + /******************************************************/ > > + /* Function : _asn1_error_description_value_not_found */ > > + /* Description: creates the ErrorDescription string */ > > +@@ -58,6 +58,7 @@ _asn1_error_description_value_not_found (asn1_node node, > > + Estrcat (ErrorDescription, "' not found"); > > + > > + } > > ++#endif > > + > > + /** > > + * asn1_length_der: > > +@@ -244,6 +245,7 @@ asn1_encode_simple_der (unsigned int etype, const > > unsigned char *str, > > + return ASN1_SUCCESS; > > + } > > + > > ++#if 0 /* GRUB SKIPPED IMPORTING */ > > + /******************************************************/ > > + /* Function : _asn1_time_der */ > > + /* Description: creates the DER coding for a TIME */ > > +@@ -278,7 +280,7 @@ _asn1_time_der (unsigned char *str, int str_len, > > unsigned char *der, > > + > > + return ASN1_SUCCESS; > > + } > > +- > > ++#endif > > + > > + /* > > + void > > +@@ -519,6 +521,7 @@ asn1_bit_der (const unsigned char *str, int bit_len, > > + } > > + > > + > > ++#if 0 /* GRUB SKIPPED IMPORTING */ > > + /******************************************************/ > > + /* Function : _asn1_complete_explicit_tag */ > > + /* Description: add the length coding to the EXPLICIT */ > > +@@ -595,6 +598,7 @@ _asn1_complete_explicit_tag (asn1_node node, unsigned > > char *der, > > + > > + return ASN1_SUCCESS; > > + } > > ++#endif > > + > > + const tag_and_class_st _asn1_tags[] = { > > + [ASN1_ETYPE_GENERALSTRING] = > > +@@ -647,6 +651,8 @@ const tag_and_class_st _asn1_tags[] = { > > + > > + unsigned int _asn1_tags_size = sizeof (_asn1_tags) / sizeof > > (_asn1_tags[0]); > > + > > ++ > > ++#if 0 /* GRUB SKIPPED IMPORTING */ > > + /******************************************************/ > > + /* Function : _asn1_insert_tag_der */ > > + /* Description: creates the DER coding of tags of one */ > > +@@ -1423,3 +1429,5 @@ error: > > + asn1_delete_structure (&node); > > + return err; > > + } > > ++ > > ++#endif > > +diff --git a/grub-core/lib/libtasn1/lib/decoding.c > > b/grub-core/lib/libtasn1/lib/decoding.c > > +index b9245c486..bf9cb13ac 100644 > > +--- a/grub-core/lib/libtasn1/lib/decoding.c > > ++++ b/grub-core/lib/libtasn1/lib/decoding.c > > +@@ -1620,6 +1620,7 @@ asn1_der_decoding (asn1_node * element, const void > > *ider, int ider_len, > > + return asn1_der_decoding2 (element, ider, &ider_len, 0, > > errorDescription); > > + } > > + > > ++#if 0 /* GRUB SKIPPED IMPORTING */ > > + /** > > + * asn1_der_decoding_element: > > + * @structure: pointer to an ASN1 structure > > +@@ -1650,6 +1651,7 @@ asn1_der_decoding_element (asn1_node * structure, > > const char *elementName, > > + { > > + return asn1_der_decoding (structure, ider, len, errorDescription); > > + } > > ++#endif > > + > > + /** > > + * asn1_der_decoding_startEnd: > > +diff --git a/grub-core/lib/libtasn1/lib/element.c > > b/grub-core/lib/libtasn1/lib/element.c > > +index d4c558e10..bc4c3c8d7 100644 > > +--- a/grub-core/lib/libtasn1/lib/element.c > > ++++ b/grub-core/lib/libtasn1/lib/element.c > > +@@ -118,7 +118,7 @@ _asn1_convert_integer (const unsigned char *value, > > unsigned char *value_out, > > + value_out[k2 - k] = val[k2]; > > + } > > + > > +-#if 0 > > ++#if 0 /* GRUB SKIPPED IMPORTING */ > > + printf ("_asn1_convert_integer: valueIn=%s, lenOut=%d", value, *len); > > + for (k = 0; k < SIZEOF_UNSIGNED_LONG_INT; k++) > > + printf (", vOut[%d]=%d", k, value_out[k]); > > +@@ -191,7 +191,7 @@ _asn1_append_sequence_set (asn1_node node, struct > > node_tail_cache_st *pcache) > > + return ASN1_SUCCESS; > > + } > > + > > +- > > ++#if 0 > > + /** > > + * asn1_write_value: > > + * @node_root: pointer to a structure > > +@@ -646,7 +646,7 @@ asn1_write_value (asn1_node node_root, const char > > *name, > > + > > + return ASN1_SUCCESS; > > + } > > +- > > ++#endif > > + > > + #define PUT_VALUE( ptr, ptr_size, data, data_size) \ > > + *len = data_size; \ > > +diff --git a/grub-core/lib/libtasn1/lib/errors.c > > b/grub-core/lib/libtasn1/lib/errors.c > > +index aef5dfe6f..2b2322152 100644 > > +--- a/grub-core/lib/libtasn1/lib/errors.c > > ++++ b/grub-core/lib/libtasn1/lib/errors.c > > +@@ -57,6 +57,8 @@ static const libtasn1_error_entry error_algorithms[] = { > > + {0, 0} > > + }; > > + > > ++ > > ++#if 0 /* GRUB SKIPPED IMPORTING */ > > + /** > > + * asn1_perror: > > + * @error: is an error returned by a libtasn1 function. > > +@@ -73,6 +75,7 @@ asn1_perror (int error) > > + const char *str = asn1_strerror (error); > > + fprintf (stderr, "LIBTASN1 ERROR: %s\n", str ? str : "(null)"); > > + } > > ++#endif > > + > > + /** > > + * asn1_strerror: > > +diff --git a/grub-core/lib/libtasn1/lib/structure.c > > b/grub-core/lib/libtasn1/lib/structure.c > > +index 512dd601f..f5a947d57 100644 > > +--- a/grub-core/lib/libtasn1/lib/structure.c > > ++++ b/grub-core/lib/libtasn1/lib/structure.c > > +@@ -76,7 +76,7 @@ _asn1_find_left (asn1_node_const node) > > + return node->left; > > + } > > + > > +- > > ++#if 0 /* GRUB SKIPPED IMPORTING */ > > + int > > + _asn1_create_static_structure (asn1_node_const pointer, > > + char *output_file_name, char *vector_name) > > +@@ -155,7 +155,7 @@ _asn1_create_static_structure (asn1_node_const pointer, > > + > > + return ASN1_SUCCESS; > > + } > > +- > > ++#endif > > + > > + /** > > + * asn1_array2tree: > > +@@ -721,7 +721,7 @@ asn1_create_element (asn1_node_const definitions, > > const char *source_name, > > + return res; > > + } > > + > > +- > > ++#if 0 /* GRUB SKIPPED IMPORTING */ > > + /** > > + * asn1_print_structure: > > + * @out: pointer to the output file (e.g. stdout). > > +@@ -1062,7 +1062,7 @@ asn1_print_structure (FILE * out, asn1_node_const > > structure, const char *name, > > + } > > + } > > + } > > +- > > ++#endif > > + > > + > > + /** > > +@@ -1158,6 +1158,7 @@ asn1_find_structure_from_oid (asn1_node_const > > definitions, > > + return NULL; /* ASN1_ELEMENT_NOT_FOUND; */ > > + } > > + > > ++#if 0 /* GRUB SKIPPED IMPORTING */ > > + /** > > + * asn1_copy_node: > > + * @dst: Destination asn1 node. > > +@@ -1207,6 +1208,7 @@ asn1_copy_node (asn1_node dst, const char *dst_name, > > + > > + return result; > > + } > > ++#endif > > + > > + /** > > + * asn1_dup_node: > > +diff --git a/include/grub/libtasn1.h b/include/grub/libtasn1.h > > +index 51cc7879f..058ab27b0 100644 > > +--- a/include/grub/libtasn1.h > > ++++ b/include/grub/libtasn1.h > > +@@ -318,6 +318,8 @@ extern "C" > > + /* Functions definitions */ > > + /***********************************/ > > + > > ++/* These functions are not used in grub and should not be referenced. */ > > ++# if 0 /* GRUB SKIPPED IMPORTING */ > > + extern ASN1_API int > > + asn1_parser2tree (const char *file, > > + asn1_node * definitions, char *error_desc); > > +@@ -326,14 +328,17 @@ extern "C" > > + asn1_parser2array (const char *inputFileName, > > + const char *outputFileName, > > + const char *vectorName, char *error_desc); > > ++# endif > > + > > + extern ASN1_API int > > + asn1_array2tree (const asn1_static_node * array, > > + asn1_node * definitions, char *errorDescription); > > + > > ++# if 0 /* GRUB SKIPPED IMPORTING */ > > + extern ASN1_API void > > + asn1_print_structure (FILE * out, asn1_node_const structure, > > + const char *name, int mode); > > ++# endif > > + > > + extern ASN1_API int > > + asn1_create_element (asn1_node_const definitions, > > +@@ -347,9 +352,11 @@ extern "C" > > + extern ASN1_API int > > + asn1_delete_element (asn1_node structure, const char *element_name); > > + > > ++# if 0 /* GRUB SKIPPED IMPORTING */ > > + extern ASN1_API int > > + asn1_write_value (asn1_node node_root, const char *name, > > + const void *ivalue, int len); > > ++# endif > > + > > + extern ASN1_API int > > + asn1_read_value (asn1_node_const root, const char *name, > > +@@ -366,9 +373,11 @@ extern "C" > > + asn1_number_of_elements (asn1_node_const element, const char *name, > > + int *num); > > + > > ++# if 0 /* GRUB SKIPPED IMPORTING */ > > + extern ASN1_API int > > + asn1_der_coding (asn1_node_const element, const char *name, > > + void *ider, int *len, char *ErrorDescription); > > ++# endif > > + > > + extern ASN1_API int > > + asn1_der_decoding2 (asn1_node * element, const void *ider, > > +@@ -379,6 +388,7 @@ extern "C" > > + asn1_der_decoding (asn1_node * element, const void *ider, > > + int ider_len, char *errorDescription); > > + > > ++# if 0 /* GRUB SKIPPED IMPORTING */ > > + /* Do not use. Use asn1_der_decoding() instead. */ > > + extern ASN1_API int > > + asn1_der_decoding_element (asn1_node * structure, > > +@@ -386,6 +396,7 @@ extern "C" > > + const void *ider, int len, > > + char *errorDescription) > > + _ASN1_GCC_ATTR_DEPRECATED; > > ++# endif > > + > > + extern ASN1_API int > > + asn1_der_decoding_startEnd (asn1_node element, > > +@@ -411,12 +422,16 @@ extern "C" > > + const char > > + *oidValue); > > + > > ++# if 0 /* GRUB SKIPPED IMPORTING */ > > + __LIBTASN1_PURE__ > > + extern ASN1_API const char *asn1_check_version (const char > > *req_version); > > ++# endif > > + > > + __LIBTASN1_PURE__ extern ASN1_API const char *asn1_strerror (int error); > > + > > ++# if 0 /* GRUB SKIPPED IMPORTING */ > > + extern ASN1_API void asn1_perror (int error); > > ++# endif > > + > > + # define ASN1_MAX_TAG_SIZE 4 > > + # define ASN1_MAX_LENGTH_SIZE 9 > > +-- > > +2.35.3 > > + > > diff --git > > a/grub-core/lib/libtasn1-patches/0002-libtasn1-changes-for-grub-compatibility.patch > > > > b/grub-core/lib/libtasn1-patches/0002-libtasn1-changes-for-grub-compatibility.patch > > new file mode 100644 > > index 000000000..5ab885e91 > > --- /dev/null > > +++ > > b/grub-core/lib/libtasn1-patches/0002-libtasn1-changes-for-grub-compatibility.patch > > @@ -0,0 +1,135 @@ > > +From d13793c210999b256b46970b5f76d41a57e5c8fc Mon Sep 17 00:00:00 2001 > > +From: Daniel Axtens <d...@axtens.net> > > +Date: Fri, 1 May 2020 20:44:29 +1000 > > +Subject: [PATCH 2/3] libtasn1: changes for grub compatibility > > + > > +Do a few things to make libtasn1 compile as part of grub: > > + > > + - remove _asn1_strcat and replace strcat with the bound-checked > > + _asn1_str_cat except the one inside _asn1_str_cat. That strcat is > > + replaced with strcpy. > > + > > + - adjust header paths in libtasn1.h > > + > > + - adjust header paths to "grub/libtasn1.h". > > + > > + - replace a 64 bit division with a call to grub_divmod64, preventing > > + creation of __udivdi3 calls on 32 bit platforms. > > + > > +Cc: Vladimir Serbinenko <phco...@gmail.com> > > +Signed-off-by: Daniel Axtens <d...@axtens.net> > > +Signed-off-by: Gary Lin <g...@suse.com> > > +--- > > + grub-core/lib/libtasn1/lib/decoding.c | 8 ++++---- > > + grub-core/lib/libtasn1/lib/element.c | 2 +- > > + grub-core/lib/libtasn1/lib/gstr.c | 2 +- > > + grub-core/lib/libtasn1/lib/int.h | 3 +-- > > + grub-core/lib/libtasn1/lib/parser_aux.c | 2 +- > > + include/grub/libtasn1.h | 5 ++--- > > + 6 files changed, 10 insertions(+), 12 deletions(-) > > + > > +diff --git a/grub-core/lib/libtasn1/lib/decoding.c > > b/grub-core/lib/libtasn1/lib/decoding.c > > +index bf9cb13ac..51859fe36 100644 > > +--- a/grub-core/lib/libtasn1/lib/decoding.c > > ++++ b/grub-core/lib/libtasn1/lib/decoding.c > > +@@ -2016,8 +2016,8 @@ asn1_expand_octet_string (asn1_node_const > > definitions, asn1_node * element, > > + (p2->type & CONST_ASSIGN)) > > + { > > + strcpy (name, definitions->name); > > +- strcat (name, "."); > > +- strcat (name, p2->name); > > ++ _asn1_str_cat (name, sizeof (name), "."); > > ++ _asn1_str_cat (name, sizeof (name), p2->name); > > + > > + len = sizeof (value); > > + result = asn1_read_value (definitions, name, value, &len); > > +@@ -2034,8 +2034,8 @@ asn1_expand_octet_string (asn1_node_const > > definitions, asn1_node * element, > > + if (p2) > > + { > > + strcpy (name, definitions->name); > > +- strcat (name, "."); > > +- strcat (name, p2->name); > > ++ _asn1_str_cat (name, sizeof (name), "."); > > ++ _asn1_str_cat (name, sizeof (name), p2->name); > > + > > + result = asn1_create_element (definitions, name, &aux); > > + if (result == ASN1_SUCCESS) > > +diff --git a/grub-core/lib/libtasn1/lib/element.c > > b/grub-core/lib/libtasn1/lib/element.c > > +index bc4c3c8d7..8694fecb9 100644 > > +--- a/grub-core/lib/libtasn1/lib/element.c > > ++++ b/grub-core/lib/libtasn1/lib/element.c > > +@@ -688,7 +688,7 @@ asn1_write_value (asn1_node node_root, const char > > *name, > > + return ASN1_MEM_ERROR; \ > > + } else { \ > > + /* this strcat is checked */ \ > > +- if (ptr) _asn1_strcat (ptr, data); \ > > ++ if (ptr) _asn1_str_cat ((char *)ptr, ptr_size, (const > > char *)data); \ > > + } > > + > > + /** > > +diff --git a/grub-core/lib/libtasn1/lib/gstr.c > > b/grub-core/lib/libtasn1/lib/gstr.c > > +index eef419554..a9c16f5d3 100644 > > +--- a/grub-core/lib/libtasn1/lib/gstr.c > > ++++ b/grub-core/lib/libtasn1/lib/gstr.c > > +@@ -36,7 +36,7 @@ _asn1_str_cat (char *dest, size_t dest_tot_size, const > > char *src) > > + > > + if (dest_tot_size - dest_size > str_size) > > + { > > +- strcat (dest, src); > > ++ strcpy (dest + dest_size, src); > > + } > > + else > > + { > > +diff --git a/grub-core/lib/libtasn1/lib/int.h > > b/grub-core/lib/libtasn1/lib/int.h > > +index d94d51c8c..7409c7655 100644 > > +--- a/grub-core/lib/libtasn1/lib/int.h > > ++++ b/grub-core/lib/libtasn1/lib/int.h > > +@@ -35,7 +35,7 @@ > > + # include <sys/types.h> > > + # endif > > + > > +-# include <libtasn1.h> > > ++# include "grub/libtasn1.h" > > + > > + # define ASN1_SMALL_VALUE_SIZE 16 > > + > > +@@ -115,7 +115,6 @@ extern const tag_and_class_st _asn1_tags[]; > > + # define _asn1_strtoul(n,e,b) strtoul((const char *) n, e, b) > > + # define _asn1_strcmp(a,b) strcmp((const char *)a, (const char *)b) > > + # define _asn1_strcpy(a,b) strcpy((char *)a, (const char *)b) > > +-# define _asn1_strcat(a,b) strcat((char *)a, (const char *)b) > > + > > + # if SIZEOF_UNSIGNED_LONG_INT == 8 > > + # define _asn1_strtou64(n,e,b) strtoul((const char *) n, e, b) > > +diff --git a/grub-core/lib/libtasn1/lib/parser_aux.c > > b/grub-core/lib/libtasn1/lib/parser_aux.c > > +index c05bd2339..e4e4c0556 100644 > > +--- a/grub-core/lib/libtasn1/lib/parser_aux.c > > ++++ b/grub-core/lib/libtasn1/lib/parser_aux.c > > +@@ -632,7 +632,7 @@ _asn1_ltostr (int64_t v, char str[LTOSTR_MAX_SIZE]) > > + count = 0; > > + do > > + { > > +- d = val / 10; > > ++ d = grub_divmod64(val, 10, NULL); > > + r = val - d * 10; > > + temp[start + count] = '0' + (char) r; > > + count++; > > +diff --git a/include/grub/libtasn1.h b/include/grub/libtasn1.h > > +index 058ab27b0..7d64b6ab7 100644 > > +--- a/include/grub/libtasn1.h > > ++++ b/include/grub/libtasn1.h > > +@@ -54,9 +54,8 @@ > > + # define __LIBTASN1_PURE__ > > + # endif > > + > > +-# include <sys/types.h> > > +-# include <time.h> > > +-# include <stdio.h> /* for FILE* */ > > ++# include <grub/types.h> > > ++# include <grub/time.h> > > + > > + # ifdef __cplusplus > > + extern "C" > > +-- > > +2.35.3 > > + > > diff --git > > a/grub-core/lib/libtasn1-patches/0003-libtasn1-fix-the-potential-buffer-overrun.patch > > > > b/grub-core/lib/libtasn1-patches/0003-libtasn1-fix-the-potential-buffer-overrun.patch > > new file mode 100644 > > index 000000000..2c4f4d394 > > --- /dev/null > > +++ > > b/grub-core/lib/libtasn1-patches/0003-libtasn1-fix-the-potential-buffer-overrun.patch > > @@ -0,0 +1,35 @@ > > +From 8f7c3c3b28a312f77499159c52f313487fba0d08 Mon Sep 17 00:00:00 2001 > > +From: Gary Lin <g...@suse.com> > > +Date: Mon, 8 Apr 2024 14:57:21 +0800 > > +Subject: [PATCH 3/3] libtasn1: fix the potential buffer overrun > > + > > +In _asn1_tag_der(), the first while loop for the long form may end up > > +with a 'k' value with 'ASN1_MAX_TAG_SIZE' and cause the buffer overrun > > +in the second while loop. This commit tweaks the conditional check to > > +avoid producing a too large 'k'. > > + > > +This is a quick fix and may differ from the official upstream fix. > > + > > +libtasn1 issue: https://gitlab.com/gnutls/libtasn1/-/issues/49 > > + > > +Signed-off-by: Gary Lin <g...@suse.com> > > +--- > > + grub-core/lib/libtasn1/lib/coding.c | 2 +- > > + 1 file changed, 1 insertion(+), 1 deletion(-) > > + > > +diff --git a/grub-core/lib/libtasn1/lib/coding.c > > b/grub-core/lib/libtasn1/lib/coding.c > > +index 5d03bca9d..0458829a5 100644 > > +--- a/grub-core/lib/libtasn1/lib/coding.c > > ++++ b/grub-core/lib/libtasn1/lib/coding.c > > +@@ -143,7 +143,7 @@ _asn1_tag_der (unsigned char class, unsigned int > > tag_value, > > + temp[k++] = tag_value & 0x7F; > > + tag_value >>= 7; > > + > > +- if (k > ASN1_MAX_TAG_SIZE - 1) > > ++ if (k >= ASN1_MAX_TAG_SIZE - 1) > > + break; /* will not encode larger tags */ > > + } > > + *ans_len = k + 1; > > +-- > > +2.35.3 > > + _______________________________________________ Grub-devel mailing list Grub-devel@gnu.org https://lists.gnu.org/mailman/listinfo/grub-devel