import-layers/yocto-poky/meta/recipes-support/gnutls/libtasn1/CVE-2017-10790.patch - openbmc/openbmc - Gitiles

 From d8d805e1f2e6799bb2dff4871a8598dc83088a39 Mon Sep 17 00:00:00 2001
 From: Nikos Mavrogiannopoulos <nmav@redhat.com>
 Date: Thu, 22 Jun 2017 16:31:37 +0200
 Subject: [PATCH] _asn1_check_identifier: safer access to values read

 Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

 http://git.savannah.gnu.org/gitweb/?p=libtasn1.git;a=commit;h=d8d805e1f2e6799bb2dff4871a8598dc83088a39
 Upstream-Status: Backport

 CVE: CVE-2017-10790

 Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
 Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
 ---
  lib/parser_aux.c |   17 ++++++++++++-----
  1 file changed, 12 insertions(+), 5 deletions(-)

 diff --git a/lib/parser_aux.c b/lib/parser_aux.c
 index 976ab38..786ea64 100644
 --- a/lib/parser_aux.c
 +++ b/lib/parser_aux.c
 @@ -955,7 +955,7 @@ _asn1_check_identifier (asn1_node node)
  	  if (p2 == NULL)
  	    {
  	      if (p->value)
 -		_asn1_strcpy (_asn1_identifierMissing, p->value);
 +		_asn1_str_cpy (_asn1_identifierMissing, sizeof(_asn1_identifierMissing), (char*)p->value);
  	      else
  		_asn1_strcpy (_asn1_identifierMissing, "(null)");
  	      return ASN1_IDENTIFIER_NOT_FOUND;
 @@ -968,9 +968,15 @@ _asn1_check_identifier (asn1_node node)
  	  if (p2 && (type_field (p2->type) == ASN1_ETYPE_DEFAULT))
  	    {
  	      _asn1_str_cpy (name2, sizeof (name2), node->name);
 -	      _asn1_str_cat (name2, sizeof (name2), ".");
 -	      _asn1_str_cat (name2, sizeof (name2), (char *) p2->value);
 -	      _asn1_strcpy (_asn1_identifierMissing, p2->value);
 +	      if (p2->value)
 +	        {
 +	          _asn1_str_cat (name2, sizeof (name2), ".");
 +	          _asn1_str_cat (name2, sizeof (name2), (char *) p2->value);
 +	          _asn1_str_cpy (_asn1_identifierMissing, sizeof(_asn1_identifierMissing), (char*)p2->value);
 +	        }
 +	      else
 +		_asn1_strcpy (_asn1_identifierMissing, "(null)");
 +
  	      p2 = asn1_find_node (node, name2);
  	      if (!p2 || (type_field (p2->type) != ASN1_ETYPE_OBJECT_ID) ||
  		  !(p2->type & CONST_ASSIGN))
 @@ -990,7 +996,8 @@ _asn1_check_identifier (asn1_node node)
  		  _asn1_str_cpy (name2, sizeof (name2), node->name);
  		  _asn1_str_cat (name2, sizeof (name2), ".");
  		  _asn1_str_cat (name2, sizeof (name2), (char *) p2->value);
 -		  _asn1_strcpy (_asn1_identifierMissing, p2->value);
 +		  _asn1_str_cpy (_asn1_identifierMissing, sizeof(_asn1_identifierMissing), (char*)p2->value);
 +
  		  p2 = asn1_find_node (node, name2);
  		  if (!p2 || (type_field (p2->type) != ASN1_ETYPE_OBJECT_ID)
  		      || !(p2->type & CONST_ASSIGN))
 --
 1.7.9.5
	From d8d805e1f2e6799bb2dff4871a8598dc83088a39 Mon Sep 17 00:00:00 2001
	From: Nikos Mavrogiannopoulos <nmav@redhat.com>
	Date: Thu, 22 Jun 2017 16:31:37 +0200
	Subject: [PATCH] _asn1_check_identifier: safer access to values read

	Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

	http://git.savannah.gnu.org/gitweb/?p=libtasn1.git;a=commit;h=d8d805e1f2e6799bb2dff4871a8598dc83088a39
	Upstream-Status: Backport

	CVE: CVE-2017-10790

	Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
	Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
	---
	lib/parser_aux.c \| 17 ++++++++++++-----
	1 file changed, 12 insertions(+), 5 deletions(-)

	diff --git a/lib/parser_aux.c b/lib/parser_aux.c
	index 976ab38..786ea64 100644
	--- a/lib/parser_aux.c
	+++ b/lib/parser_aux.c
	@@ -955,7 +955,7 @@ _asn1_check_identifier (asn1_node node)
	if (p2 == NULL)
	{
	if (p->value)
	- _asn1_strcpy (_asn1_identifierMissing, p->value);
	+ _asn1_str_cpy (_asn1_identifierMissing, sizeof(_asn1_identifierMissing), (char*)p->value);
	else
	_asn1_strcpy (_asn1_identifierMissing, "(null)");
	return ASN1_IDENTIFIER_NOT_FOUND;
	@@ -968,9 +968,15 @@ _asn1_check_identifier (asn1_node node)
	if (p2 && (type_field (p2->type) == ASN1_ETYPE_DEFAULT))
	{
	_asn1_str_cpy (name2, sizeof (name2), node->name);
	- _asn1_str_cat (name2, sizeof (name2), ".");
	- _asn1_str_cat (name2, sizeof (name2), (char *) p2->value);
	- _asn1_strcpy (_asn1_identifierMissing, p2->value);
	+ if (p2->value)
	+ {
	+ _asn1_str_cat (name2, sizeof (name2), ".");
	+ _asn1_str_cat (name2, sizeof (name2), (char *) p2->value);
	+ _asn1_str_cpy (_asn1_identifierMissing, sizeof(_asn1_identifierMissing), (char*)p2->value);
	+ }
	+ else
	+ _asn1_strcpy (_asn1_identifierMissing, "(null)");
	+
	p2 = asn1_find_node (node, name2);
	if (!p2 \|\| (type_field (p2->type) != ASN1_ETYPE_OBJECT_ID) \|\|
	!(p2->type & CONST_ASSIGN))
	@@ -990,7 +996,8 @@ _asn1_check_identifier (asn1_node node)
	_asn1_str_cpy (name2, sizeof (name2), node->name);
	_asn1_str_cat (name2, sizeof (name2), ".");
	_asn1_str_cat (name2, sizeof (name2), (char *) p2->value);
	- _asn1_strcpy (_asn1_identifierMissing, p2->value);
	+ _asn1_str_cpy (_asn1_identifierMissing, sizeof(_asn1_identifierMissing), (char*)p2->value);
	+
	p2 = asn1_find_node (node, name2);
	if (!p2 \|\| (type_field (p2->type) != ASN1_ETYPE_OBJECT_ID)
	\|\| !(p2->type & CONST_ASSIGN))
	--
	1.7.9.5