From d1cdd8e540f0272b4a9f89e7543a1fceb6ffcc66 Mon Sep 17 00:00:00 2001 From: yixiangzhike Date: Wed, 14 Jun 2023 10:16:40 +0800 Subject: [PATCH] backport upstream patch (cherry picked from commit 8b05750238c3ba5450491013d2b14e834059bb42) --- ...ainst-a-theoretical-integer-overflow.patch | 34 +++++++++++++++++++ gnupg2.spec | 6 +++- 2 files changed, 39 insertions(+), 1 deletion(-) create mode 100644 backport-common-Protect-against-a-theoretical-integer-overflow.patch diff --git a/backport-common-Protect-against-a-theoretical-integer-overflow.patch b/backport-common-Protect-against-a-theoretical-integer-overflow.patch new file mode 100644 index 0000000..4719577 --- /dev/null +++ b/backport-common-Protect-against-a-theoretical-integer-overflow.patch @@ -0,0 +1,34 @@ +From c300253181cfc591cbcae9251eda5296ed29591b Mon Sep 17 00:00:00 2001 +From: Werner Koch +Date: Fri, 7 Oct 2022 14:12:33 +0200 +Subject: [PATCH] common: Protect against a theoretical integer overflow in + tlv.c + +* common/tlv.c (parse_ber_header): Protect agains integer overflow. +-- + +Although there is no concrete case where we use the (nhdr + length), +it is better to protect against this already here. +--- + common/tlv.c | 5 +++++ + 1 file changed, 5 insertions(+) + +diff --git a/common/tlv.c b/common/tlv.c +index abef83a37..9618d04cb 100644 +--- a/common/tlv.c ++++ b/common/tlv.c +@@ -222,6 +222,11 @@ parse_ber_header (unsigned char const **buffer, size_t *size, + *r_length = len; + } + ++ if (*r_length > *r_nhdr && (*r_nhdr + *r_length) < *r_length) ++ { ++ return gpg_err_make (default_errsource, GPG_ERR_EOVERFLOW); ++ } ++ + /* Without this kludge some example certs can't be parsed. */ + if (*r_class == CLASS_UNIVERSAL && !*r_tag) + *r_length = 0; +-- +2.27.0 + diff --git a/gnupg2.spec b/gnupg2.spec index b904613..e2fbba4 100644 --- a/gnupg2.spec +++ b/gnupg2.spec @@ -1,6 +1,6 @@ Name: gnupg2 Version: 2.2.32 -Release: 4 +Release: 5 Summary: Utility for secure communication and data storage License: GPLv3+ @@ -21,6 +21,7 @@ Patch9: gnupg-2.2.20-file-is-digest.patch Patch10: gnupg-2.2.21-coverity.patch Patch11: common-Avoid-undefined-behavior-of-left-shift-operat.patch Patch12: backport-CVE-2022-34903.patch +Patch13: backport-common-Protect-against-a-theoretical-integer-overflow.patch BuildRequires: gcc BuildRequires: zlib-devel, npth-devel, texinfo @@ -118,6 +119,9 @@ make check %changelog +* Wed Jun 14 2023 yixiangzhike - 2.2.32-5 +- backport upstream patch + * Wed Apr 19 2023 yixiangzhike - 2.2.32-4 - add BuildRequires:gnutls-devel to support TLS -- Gitee