On Sat, Apr 27, 2024 at 03:27:57AM -0500, Glenn Washburn wrote:
> On Thu, 25 Apr 2024 16:01:54 +0800
> Gary Lin <g...@suse.com> wrote:
>
> > Document libtasn1 in docs/grub-dev.texi and add the upgrade steps.
> > Also add the patches to make libtasn1 compatible with grub code.
> >
> > Signed-off-by: Gary Lin <g...@suse.com>
> > Reviewed-by: Vladimir Serbinenko <phco...@gmail.com>
> > ---
> > docs/grub-dev.texi | 28 ++
> > ...asn1-disable-code-not-needed-in-grub.patch | 320 ++++++++++++++++++
> > ...tasn1-changes-for-grub-compatibility.patch | 135 ++++++++
> > ...sn1-fix-the-potential-buffer-overrun.patch | 35 ++
> > 4 files changed, 518 insertions(+)
> > create mode 100644
> > grub-core/lib/libtasn1-patches/0001-libtasn1-disable-code-not-needed-in-grub.patch
> > create mode 100644
> > grub-core/lib/libtasn1-patches/0002-libtasn1-changes-for-grub-compatibility.patch
> > create mode 100644
> > grub-core/lib/libtasn1-patches/0003-libtasn1-fix-the-potential-buffer-overrun.patch
> >
> > diff --git a/docs/grub-dev.texi b/docs/grub-dev.texi
> > index 1276c5930..36bf77883 100644
> > --- a/docs/grub-dev.texi
> > +++ b/docs/grub-dev.texi
> > @@ -506,6 +506,7 @@ to update it.
> > * Gnulib::
> > * jsmn::
> > * minilzo::
> > +* libtasn1::
> > @end menu
> >
> > @node Gnulib
> > @@ -596,6 +597,33 @@ cp minilzo-2.10/*.[hc] grub-core/lib/minilzo
> > rm -r minilzo-2.10*
> > @end example
> >
> > +@node libtasn1
> > +@section libtasn1
> > +
> > +libtasn1 is a library providing Abstract Syntax Notation One (ASN.1, as
> > +specified by the X.680 ITU-T recommendation) parsing and structures
> > management,
> > +and Distinguished Encoding Rules (DER, as per X.690) encoding and decoding
> > +functions.
> > +
> > +To upgrade to a new version of the libtasn1 library, download the release
> > +tarball and copy the files into the target directory:
> > +
> > +@example
> > +curl -L -O https://ftp.gnu.org/gnu/libtasn1/libtasn1-4.19.0.tar.gz
> > +tar -zxf libtasn1-4.19.0.tar.gz
> > +rm -r grub-core/lib/libtasn1/
> > +mkdir libtasn1/lib
> > +mkdir -p grub-core/lib/libtasn1/lib/
> > +cp libtasn1-4.19.0/@lbracechar{}README.md,COPYING@rbracechar{}
> > grub-core/lib/libtasn1/
> > +cp
> > libtasn1-4.19.0/lib/@lbracechar{}coding.c,decoding.c,element.c,element.h,errors.c,gstr.c,gstr.h,int.h,parser_aux.c,parser_aux.h,structure.c,structure.h@rbracechar{}
> > grub-core/lib/libtasn1/lib/
> > +cp libtasn1-4.19.0/lib/includes/libtasn1.h include/grub/
> > +rm -rf libtasn1-4.19.0
> > +@end example
> > +
> > +After upgrading the library, it is necessary to apply the patches in
>
> s/is/may be/
>
> > +@file{grub-core/lib/libtasn1-patches/} to adjust the code to be compatible
> > with
> > +grub.
>
> Add after this sentence, I think its worth mentioning the following:
>
> These patches were needed to use the current version of libtasn1. The
> existing patches may not apply cleanly, apply at all, or even be
> needed for a newer version of the library, and other patches maybe
> needed due to changes in the newer version. If existing patches need
> to be refreshed to apply cleanly, please include updated patches as
> part of the a patch set sent to the list. If new patches are needed
> or existing patches are not needed, also please send additions or
> removals as part of any patch set upgrading libtasn1.
>
Thanks for the suggestion. This is a nice reminder for anyone who wants
to update libtasn1 later. Will add them to v14.
Gary Lin
> Glenn
>
> > +
> > @node Debugging
> > @chapter Debugging
> >
> > diff --git
> > a/grub-core/lib/libtasn1-patches/0001-libtasn1-disable-code-not-needed-in-grub.patch
> >
> > b/grub-core/lib/libtasn1-patches/0001-libtasn1-disable-code-not-needed-in-grub.patch
> > new file mode 100644
> > index 000000000..e3264409f
> > --- /dev/null
> > +++
> > b/grub-core/lib/libtasn1-patches/0001-libtasn1-disable-code-not-needed-in-grub.patch
> > @@ -0,0 +1,320 @@
> > +From 715f65934a120730316751536194ec5ed86aed9c Mon Sep 17 00:00:00 2001
> > +From: Daniel Axtens <d...@axtens.net>
> > +Date: Fri, 1 May 2020 17:12:23 +1000
> > +Subject: [PATCH 1/3] libtasn1: disable code not needed in grub
> > +
> > +We don't expect to be able to write ASN.1, only read it,
> > +so we can disable some code.
> > +
> > +Do that with #if 0/#endif, rather than deletion. This means
> > +that the difference between upstream and grub is smaller,
> > +which should make updating libtasn1 easier in the future.
> > +
> > +With these exclusions we also avoid the need for minmax.h,
> > +which is convenient because it means we don't have to
> > +import it from gnulib.
> > +
> > +Cc: Vladimir Serbinenko <phco...@gmail.com>
> > +Signed-off-by: Daniel Axtens <d...@axtens.net>
> > +Signed-off-by: Gary Lin <g...@suse.com>
> > +---
> > + grub-core/lib/libtasn1/lib/coding.c | 12 ++++++++++--
> > + grub-core/lib/libtasn1/lib/decoding.c | 2 ++
> > + grub-core/lib/libtasn1/lib/element.c | 6 +++---
> > + grub-core/lib/libtasn1/lib/errors.c | 3 +++
> > + grub-core/lib/libtasn1/lib/structure.c | 10 ++++++----
> > + include/grub/libtasn1.h | 15 +++++++++++++++
> > + 6 files changed, 39 insertions(+), 9 deletions(-)
> > +
> > +diff --git a/grub-core/lib/libtasn1/lib/coding.c
> > b/grub-core/lib/libtasn1/lib/coding.c
> > +index ea5bc370e..5d03bca9d 100644
> > +--- a/grub-core/lib/libtasn1/lib/coding.c
> > ++++ b/grub-core/lib/libtasn1/lib/coding.c
> > +@@ -30,11 +30,11 @@
> > + #include "parser_aux.h"
> > + #include <gstr.h>
> > + #include "element.h"
> > +-#include "minmax.h"
> > + #include <structure.h>
> > +
> > + #define MAX_TAG_LEN 16
> > +
> > ++#if 0 /* GRUB SKIPPED IMPORTING */
> > + /******************************************************/
> > + /* Function : _asn1_error_description_value_not_found */
> > + /* Description: creates the ErrorDescription string */
> > +@@ -58,6 +58,7 @@ _asn1_error_description_value_not_found (asn1_node node,
> > + Estrcat (ErrorDescription, "' not found");
> > +
> > + }
> > ++#endif
> > +
> > + /**
> > + * asn1_length_der:
> > +@@ -244,6 +245,7 @@ asn1_encode_simple_der (unsigned int etype, const
> > unsigned char *str,
> > + return ASN1_SUCCESS;
> > + }
> > +
> > ++#if 0 /* GRUB SKIPPED IMPORTING */
> > + /******************************************************/
> > + /* Function : _asn1_time_der */
> > + /* Description: creates the DER coding for a TIME */
> > +@@ -278,7 +280,7 @@ _asn1_time_der (unsigned char *str, int str_len,
> > unsigned char *der,
> > +
> > + return ASN1_SUCCESS;
> > + }
> > +-
> > ++#endif
> > +
> > + /*
> > + void
> > +@@ -519,6 +521,7 @@ asn1_bit_der (const unsigned char *str, int bit_len,
> > + }
> > +
> > +
> > ++#if 0 /* GRUB SKIPPED IMPORTING */
> > + /******************************************************/
> > + /* Function : _asn1_complete_explicit_tag */
> > + /* Description: add the length coding to the EXPLICIT */
> > +@@ -595,6 +598,7 @@ _asn1_complete_explicit_tag (asn1_node node, unsigned
> > char *der,
> > +
> > + return ASN1_SUCCESS;
> > + }
> > ++#endif
> > +
> > + const tag_and_class_st _asn1_tags[] = {
> > + [ASN1_ETYPE_GENERALSTRING] =
> > +@@ -647,6 +651,8 @@ const tag_and_class_st _asn1_tags[] = {
> > +
> > + unsigned int _asn1_tags_size = sizeof (_asn1_tags) / sizeof
> > (_asn1_tags[0]);
> > +
> > ++
> > ++#if 0 /* GRUB SKIPPED IMPORTING */
> > + /******************************************************/
> > + /* Function : _asn1_insert_tag_der */
> > + /* Description: creates the DER coding of tags of one */
> > +@@ -1423,3 +1429,5 @@ error:
> > + asn1_delete_structure (&node);
> > + return err;
> > + }
> > ++
> > ++#endif
> > +diff --git a/grub-core/lib/libtasn1/lib/decoding.c
> > b/grub-core/lib/libtasn1/lib/decoding.c
> > +index b9245c486..bf9cb13ac 100644
> > +--- a/grub-core/lib/libtasn1/lib/decoding.c
> > ++++ b/grub-core/lib/libtasn1/lib/decoding.c
> > +@@ -1620,6 +1620,7 @@ asn1_der_decoding (asn1_node * element, const void
> > *ider, int ider_len,
> > + return asn1_der_decoding2 (element, ider, &ider_len, 0,
> > errorDescription);
> > + }
> > +
> > ++#if 0 /* GRUB SKIPPED IMPORTING */
> > + /**
> > + * asn1_der_decoding_element:
> > + * @structure: pointer to an ASN1 structure
> > +@@ -1650,6 +1651,7 @@ asn1_der_decoding_element (asn1_node * structure,
> > const char *elementName,
> > + {
> > + return asn1_der_decoding (structure, ider, len, errorDescription);
> > + }
> > ++#endif
> > +
> > + /**
> > + * asn1_der_decoding_startEnd:
> > +diff --git a/grub-core/lib/libtasn1/lib/element.c
> > b/grub-core/lib/libtasn1/lib/element.c
> > +index d4c558e10..bc4c3c8d7 100644
> > +--- a/grub-core/lib/libtasn1/lib/element.c
> > ++++ b/grub-core/lib/libtasn1/lib/element.c
> > +@@ -118,7 +118,7 @@ _asn1_convert_integer (const unsigned char *value,
> > unsigned char *value_out,
> > + value_out[k2 - k] = val[k2];
> > + }
> > +
> > +-#if 0
> > ++#if 0 /* GRUB SKIPPED IMPORTING */
> > + printf ("_asn1_convert_integer: valueIn=%s, lenOut=%d", value, *len);
> > + for (k = 0; k < SIZEOF_UNSIGNED_LONG_INT; k++)
> > + printf (", vOut[%d]=%d", k, value_out[k]);
> > +@@ -191,7 +191,7 @@ _asn1_append_sequence_set (asn1_node node, struct
> > node_tail_cache_st *pcache)
> > + return ASN1_SUCCESS;
> > + }
> > +
> > +-
> > ++#if 0
> > + /**
> > + * asn1_write_value:
> > + * @node_root: pointer to a structure
> > +@@ -646,7 +646,7 @@ asn1_write_value (asn1_node node_root, const char
> > *name,
> > +
> > + return ASN1_SUCCESS;
> > + }
> > +-
> > ++#endif
> > +
> > + #define PUT_VALUE( ptr, ptr_size, data, data_size) \
> > + *len = data_size; \
> > +diff --git a/grub-core/lib/libtasn1/lib/errors.c
> > b/grub-core/lib/libtasn1/lib/errors.c
> > +index aef5dfe6f..2b2322152 100644
> > +--- a/grub-core/lib/libtasn1/lib/errors.c
> > ++++ b/grub-core/lib/libtasn1/lib/errors.c
> > +@@ -57,6 +57,8 @@ static const libtasn1_error_entry error_algorithms[] = {
> > + {0, 0}
> > + };
> > +
> > ++
> > ++#if 0 /* GRUB SKIPPED IMPORTING */
> > + /**
> > + * asn1_perror:
> > + * @error: is an error returned by a libtasn1 function.
> > +@@ -73,6 +75,7 @@ asn1_perror (int error)
> > + const char *str = asn1_strerror (error);
> > + fprintf (stderr, "LIBTASN1 ERROR: %s\n", str ? str : "(null)");
> > + }
> > ++#endif
> > +
> > + /**
> > + * asn1_strerror:
> > +diff --git a/grub-core/lib/libtasn1/lib/structure.c
> > b/grub-core/lib/libtasn1/lib/structure.c
> > +index 512dd601f..f5a947d57 100644
> > +--- a/grub-core/lib/libtasn1/lib/structure.c
> > ++++ b/grub-core/lib/libtasn1/lib/structure.c
> > +@@ -76,7 +76,7 @@ _asn1_find_left (asn1_node_const node)
> > + return node->left;
> > + }
> > +
> > +-
> > ++#if 0 /* GRUB SKIPPED IMPORTING */
> > + int
> > + _asn1_create_static_structure (asn1_node_const pointer,
> > + char *output_file_name, char *vector_name)
> > +@@ -155,7 +155,7 @@ _asn1_create_static_structure (asn1_node_const pointer,
> > +
> > + return ASN1_SUCCESS;
> > + }
> > +-
> > ++#endif
> > +
> > + /**
> > + * asn1_array2tree:
> > +@@ -721,7 +721,7 @@ asn1_create_element (asn1_node_const definitions,
> > const char *source_name,
> > + return res;
> > + }
> > +
> > +-
> > ++#if 0 /* GRUB SKIPPED IMPORTING */
> > + /**
> > + * asn1_print_structure:
> > + * @out: pointer to the output file (e.g. stdout).
> > +@@ -1062,7 +1062,7 @@ asn1_print_structure (FILE * out, asn1_node_const
> > structure, const char *name,
> > + }
> > + }
> > + }
> > +-
> > ++#endif
> > +
> > +
> > + /**
> > +@@ -1158,6 +1158,7 @@ asn1_find_structure_from_oid (asn1_node_const
> > definitions,
> > + return NULL; /* ASN1_ELEMENT_NOT_FOUND; */
> > + }
> > +
> > ++#if 0 /* GRUB SKIPPED IMPORTING */
> > + /**
> > + * asn1_copy_node:
> > + * @dst: Destination asn1 node.
> > +@@ -1207,6 +1208,7 @@ asn1_copy_node (asn1_node dst, const char *dst_name,
> > +
> > + return result;
> > + }
> > ++#endif
> > +
> > + /**
> > + * asn1_dup_node:
> > +diff --git a/include/grub/libtasn1.h b/include/grub/libtasn1.h
> > +index 51cc7879f..058ab27b0 100644
> > +--- a/include/grub/libtasn1.h
> > ++++ b/include/grub/libtasn1.h
> > +@@ -318,6 +318,8 @@ extern "C"
> > + /* Functions definitions */
> > + /***********************************/
> > +
> > ++/* These functions are not used in grub and should not be referenced. */
> > ++# if 0 /* GRUB SKIPPED IMPORTING */
> > + extern ASN1_API int
> > + asn1_parser2tree (const char *file,
> > + asn1_node * definitions, char *error_desc);
> > +@@ -326,14 +328,17 @@ extern "C"
> > + asn1_parser2array (const char *inputFileName,
> > + const char *outputFileName,
> > + const char *vectorName, char *error_desc);
> > ++# endif
> > +
> > + extern ASN1_API int
> > + asn1_array2tree (const asn1_static_node * array,
> > + asn1_node * definitions, char *errorDescription);
> > +
> > ++# if 0 /* GRUB SKIPPED IMPORTING */
> > + extern ASN1_API void
> > + asn1_print_structure (FILE * out, asn1_node_const structure,
> > + const char *name, int mode);
> > ++# endif
> > +
> > + extern ASN1_API int
> > + asn1_create_element (asn1_node_const definitions,
> > +@@ -347,9 +352,11 @@ extern "C"
> > + extern ASN1_API int
> > + asn1_delete_element (asn1_node structure, const char *element_name);
> > +
> > ++# if 0 /* GRUB SKIPPED IMPORTING */
> > + extern ASN1_API int
> > + asn1_write_value (asn1_node node_root, const char *name,
> > + const void *ivalue, int len);
> > ++# endif
> > +
> > + extern ASN1_API int
> > + asn1_read_value (asn1_node_const root, const char *name,
> > +@@ -366,9 +373,11 @@ extern "C"
> > + asn1_number_of_elements (asn1_node_const element, const char *name,
> > + int *num);
> > +
> > ++# if 0 /* GRUB SKIPPED IMPORTING */
> > + extern ASN1_API int
> > + asn1_der_coding (asn1_node_const element, const char *name,
> > + void *ider, int *len, char *ErrorDescription);
> > ++# endif
> > +
> > + extern ASN1_API int
> > + asn1_der_decoding2 (asn1_node * element, const void *ider,
> > +@@ -379,6 +388,7 @@ extern "C"
> > + asn1_der_decoding (asn1_node * element, const void *ider,
> > + int ider_len, char *errorDescription);
> > +
> > ++# if 0 /* GRUB SKIPPED IMPORTING */
> > + /* Do not use. Use asn1_der_decoding() instead. */
> > + extern ASN1_API int
> > + asn1_der_decoding_element (asn1_node * structure,
> > +@@ -386,6 +396,7 @@ extern "C"
> > + const void *ider, int len,
> > + char *errorDescription)
> > + _ASN1_GCC_ATTR_DEPRECATED;
> > ++# endif
> > +
> > + extern ASN1_API int
> > + asn1_der_decoding_startEnd (asn1_node element,
> > +@@ -411,12 +422,16 @@ extern "C"
> > + const char
> > + *oidValue);
> > +
> > ++# if 0 /* GRUB SKIPPED IMPORTING */
> > + __LIBTASN1_PURE__
> > + extern ASN1_API const char *asn1_check_version (const char
> > *req_version);
> > ++# endif
> > +
> > + __LIBTASN1_PURE__ extern ASN1_API const char *asn1_strerror (int error);
> > +
> > ++# if 0 /* GRUB SKIPPED IMPORTING */
> > + extern ASN1_API void asn1_perror (int error);
> > ++# endif
> > +
> > + # define ASN1_MAX_TAG_SIZE 4
> > + # define ASN1_MAX_LENGTH_SIZE 9
> > +--
> > +2.35.3
> > +
> > diff --git
> > a/grub-core/lib/libtasn1-patches/0002-libtasn1-changes-for-grub-compatibility.patch
> >
> > b/grub-core/lib/libtasn1-patches/0002-libtasn1-changes-for-grub-compatibility.patch
> > new file mode 100644
> > index 000000000..5ab885e91
> > --- /dev/null
> > +++
> > b/grub-core/lib/libtasn1-patches/0002-libtasn1-changes-for-grub-compatibility.patch
> > @@ -0,0 +1,135 @@
> > +From d13793c210999b256b46970b5f76d41a57e5c8fc Mon Sep 17 00:00:00 2001
> > +From: Daniel Axtens <d...@axtens.net>
> > +Date: Fri, 1 May 2020 20:44:29 +1000
> > +Subject: [PATCH 2/3] libtasn1: changes for grub compatibility
> > +
> > +Do a few things to make libtasn1 compile as part of grub:
> > +
> > + - remove _asn1_strcat and replace strcat with the bound-checked
> > + _asn1_str_cat except the one inside _asn1_str_cat. That strcat is
> > + replaced with strcpy.
> > +
> > + - adjust header paths in libtasn1.h
> > +
> > + - adjust header paths to "grub/libtasn1.h".
> > +
> > + - replace a 64 bit division with a call to grub_divmod64, preventing
> > + creation of __udivdi3 calls on 32 bit platforms.
> > +
> > +Cc: Vladimir Serbinenko <phco...@gmail.com>
> > +Signed-off-by: Daniel Axtens <d...@axtens.net>
> > +Signed-off-by: Gary Lin <g...@suse.com>
> > +---
> > + grub-core/lib/libtasn1/lib/decoding.c | 8 ++++----
> > + grub-core/lib/libtasn1/lib/element.c | 2 +-
> > + grub-core/lib/libtasn1/lib/gstr.c | 2 +-
> > + grub-core/lib/libtasn1/lib/int.h | 3 +--
> > + grub-core/lib/libtasn1/lib/parser_aux.c | 2 +-
> > + include/grub/libtasn1.h | 5 ++---
> > + 6 files changed, 10 insertions(+), 12 deletions(-)
> > +
> > +diff --git a/grub-core/lib/libtasn1/lib/decoding.c
> > b/grub-core/lib/libtasn1/lib/decoding.c
> > +index bf9cb13ac..51859fe36 100644
> > +--- a/grub-core/lib/libtasn1/lib/decoding.c
> > ++++ b/grub-core/lib/libtasn1/lib/decoding.c
> > +@@ -2016,8 +2016,8 @@ asn1_expand_octet_string (asn1_node_const
> > definitions, asn1_node * element,
> > + (p2->type & CONST_ASSIGN))
> > + {
> > + strcpy (name, definitions->name);
> > +- strcat (name, ".");
> > +- strcat (name, p2->name);
> > ++ _asn1_str_cat (name, sizeof (name), ".");
> > ++ _asn1_str_cat (name, sizeof (name), p2->name);
> > +
> > + len = sizeof (value);
> > + result = asn1_read_value (definitions, name, value, &len);
> > +@@ -2034,8 +2034,8 @@ asn1_expand_octet_string (asn1_node_const
> > definitions, asn1_node * element,
> > + if (p2)
> > + {
> > + strcpy (name, definitions->name);
> > +- strcat (name, ".");
> > +- strcat (name, p2->name);
> > ++ _asn1_str_cat (name, sizeof (name), ".");
> > ++ _asn1_str_cat (name, sizeof (name), p2->name);
> > +
> > + result = asn1_create_element (definitions, name, &aux);
> > + if (result == ASN1_SUCCESS)
> > +diff --git a/grub-core/lib/libtasn1/lib/element.c
> > b/grub-core/lib/libtasn1/lib/element.c
> > +index bc4c3c8d7..8694fecb9 100644
> > +--- a/grub-core/lib/libtasn1/lib/element.c
> > ++++ b/grub-core/lib/libtasn1/lib/element.c
> > +@@ -688,7 +688,7 @@ asn1_write_value (asn1_node node_root, const char
> > *name,
> > + return ASN1_MEM_ERROR; \
> > + } else { \
> > + /* this strcat is checked */ \
> > +- if (ptr) _asn1_strcat (ptr, data); \
> > ++ if (ptr) _asn1_str_cat ((char *)ptr, ptr_size, (const
> > char *)data); \
> > + }
> > +
> > + /**
> > +diff --git a/grub-core/lib/libtasn1/lib/gstr.c
> > b/grub-core/lib/libtasn1/lib/gstr.c
> > +index eef419554..a9c16f5d3 100644
> > +--- a/grub-core/lib/libtasn1/lib/gstr.c
> > ++++ b/grub-core/lib/libtasn1/lib/gstr.c
> > +@@ -36,7 +36,7 @@ _asn1_str_cat (char *dest, size_t dest_tot_size, const
> > char *src)
> > +
> > + if (dest_tot_size - dest_size > str_size)
> > + {
> > +- strcat (dest, src);
> > ++ strcpy (dest + dest_size, src);
> > + }
> > + else
> > + {
> > +diff --git a/grub-core/lib/libtasn1/lib/int.h
> > b/grub-core/lib/libtasn1/lib/int.h
> > +index d94d51c8c..7409c7655 100644
> > +--- a/grub-core/lib/libtasn1/lib/int.h
> > ++++ b/grub-core/lib/libtasn1/lib/int.h
> > +@@ -35,7 +35,7 @@
> > + # include <sys/types.h>
> > + # endif
> > +
> > +-# include <libtasn1.h>
> > ++# include "grub/libtasn1.h"
> > +
> > + # define ASN1_SMALL_VALUE_SIZE 16
> > +
> > +@@ -115,7 +115,6 @@ extern const tag_and_class_st _asn1_tags[];
> > + # define _asn1_strtoul(n,e,b) strtoul((const char *) n, e, b)
> > + # define _asn1_strcmp(a,b) strcmp((const char *)a, (const char *)b)
> > + # define _asn1_strcpy(a,b) strcpy((char *)a, (const char *)b)
> > +-# define _asn1_strcat(a,b) strcat((char *)a, (const char *)b)
> > +
> > + # if SIZEOF_UNSIGNED_LONG_INT == 8
> > + # define _asn1_strtou64(n,e,b) strtoul((const char *) n, e, b)
> > +diff --git a/grub-core/lib/libtasn1/lib/parser_aux.c
> > b/grub-core/lib/libtasn1/lib/parser_aux.c
> > +index c05bd2339..e4e4c0556 100644
> > +--- a/grub-core/lib/libtasn1/lib/parser_aux.c
> > ++++ b/grub-core/lib/libtasn1/lib/parser_aux.c
> > +@@ -632,7 +632,7 @@ _asn1_ltostr (int64_t v, char str[LTOSTR_MAX_SIZE])
> > + count = 0;
> > + do
> > + {
> > +- d = val / 10;
> > ++ d = grub_divmod64(val, 10, NULL);
> > + r = val - d * 10;
> > + temp[start + count] = '0' + (char) r;
> > + count++;
> > +diff --git a/include/grub/libtasn1.h b/include/grub/libtasn1.h
> > +index 058ab27b0..7d64b6ab7 100644
> > +--- a/include/grub/libtasn1.h
> > ++++ b/include/grub/libtasn1.h
> > +@@ -54,9 +54,8 @@
> > + # define __LIBTASN1_PURE__
> > + # endif
> > +
> > +-# include <sys/types.h>
> > +-# include <time.h>
> > +-# include <stdio.h> /* for FILE* */
> > ++# include <grub/types.h>
> > ++# include <grub/time.h>
> > +
> > + # ifdef __cplusplus
> > + extern "C"
> > +--
> > +2.35.3
> > +
> > diff --git
> > a/grub-core/lib/libtasn1-patches/0003-libtasn1-fix-the-potential-buffer-overrun.patch
> >
> > b/grub-core/lib/libtasn1-patches/0003-libtasn1-fix-the-potential-buffer-overrun.patch
> > new file mode 100644
> > index 000000000..2c4f4d394
> > --- /dev/null
> > +++
> > b/grub-core/lib/libtasn1-patches/0003-libtasn1-fix-the-potential-buffer-overrun.patch
> > @@ -0,0 +1,35 @@
> > +From 8f7c3c3b28a312f77499159c52f313487fba0d08 Mon Sep 17 00:00:00 2001
> > +From: Gary Lin <g...@suse.com>
> > +Date: Mon, 8 Apr 2024 14:57:21 +0800
> > +Subject: [PATCH 3/3] libtasn1: fix the potential buffer overrun
> > +
> > +In _asn1_tag_der(), the first while loop for the long form may end up
> > +with a 'k' value with 'ASN1_MAX_TAG_SIZE' and cause the buffer overrun
> > +in the second while loop. This commit tweaks the conditional check to
> > +avoid producing a too large 'k'.
> > +
> > +This is a quick fix and may differ from the official upstream fix.
> > +
> > +libtasn1 issue: https://gitlab.com/gnutls/libtasn1/-/issues/49
> > +
> > +Signed-off-by: Gary Lin <g...@suse.com>
> > +---
> > + grub-core/lib/libtasn1/lib/coding.c | 2 +-
> > + 1 file changed, 1 insertion(+), 1 deletion(-)
> > +
> > +diff --git a/grub-core/lib/libtasn1/lib/coding.c
> > b/grub-core/lib/libtasn1/lib/coding.c
> > +index 5d03bca9d..0458829a5 100644
> > +--- a/grub-core/lib/libtasn1/lib/coding.c
> > ++++ b/grub-core/lib/libtasn1/lib/coding.c
> > +@@ -143,7 +143,7 @@ _asn1_tag_der (unsigned char class, unsigned int
> > tag_value,
> > + temp[k++] = tag_value & 0x7F;
> > + tag_value >>= 7;
> > +
> > +- if (k > ASN1_MAX_TAG_SIZE - 1)
> > ++ if (k >= ASN1_MAX_TAG_SIZE - 1)
> > + break; /* will not encode larger tags */
> > + }
> > + *ans_len = k + 1;
> > +--
> > +2.35.3
> > +
_______________________________________________
Grub-devel mailing list
Grub-devel@gnu.org
https://lists.gnu.org/mailman/listinfo/grub-devel
