openEuler:Mainline
gnupg2
Changes of Revision 4
_service:tar_scm:gnupg2.spec
Changed
@@ -1,6 +1,6 @@ Name: gnupg2 Version: 2.3.6 -Release: 3 +Release: 4 Summary: Utility for secure communication and data storage License: GPLv3+ @@ -18,6 +18,7 @@ Patch7: gnupg-2.2.20-file-is-digest.patch Patch8: gnupg-2.2.21-coverity.patch Patch9: backport-CVE-2022-34903.patch +Patch10: backport-common-Protect-against-a-theoretical-integer-overflow.patch BuildRequires: gcc BuildRequires: zlib-devel, npth-devel, texinfo @@ -120,6 +121,9 @@ %changelog +* Wed Jun 14 2023 yixiangzhike <yixiangzhike007@163.com> - 2.3.6-4 +- backport upstream patch + * Mon Aug 15 2022 yixiangzhike <yixiangzhike007@163.com> - 2.3.6-3 - fix CVE-2022-34903
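Review bot: The new %changelog entry for 2.3.6-4 says only "backport upstream patch", which does not tell a reader of the package history what was backported or why. The previous entry ("fix CVE-2022-34903") names its subject; this one should do the same, for example "backport upstream patch: common: Protect against a theoretical integer overflow in tlv.c", so that the Patch10 line added in the second hunk can be matched to the changelog without opening the patch file.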
_service:tar_scm:backport-common-Protect-against-a-theoretical-integer-overflow.patch
Added
@@ -0,0 +1,34 @@ +From c300253181cfc591cbcae9251eda5296ed29591b Mon Sep 17 00:00:00 2001 +From: Werner Koch <wk@gnupg.org> +Date: Fri, 7 Oct 2022 14:12:33 +0200 +Subject: PATCH common: Protect against a theoretical integer overflow in + tlv.c + +* common/tlv.c (parse_ber_header): Protect agains integer overflow. +-- + +Although there is no concrete case where we use the (nhdr + length), +it is better to protect against this already here. +--- + common/tlv.c | 5 +++++ + 1 file changed, 5 insertions(+) + +diff --git a/common/tlv.c b/common/tlv.c +index abef83a37..9618d04cb 100644 +--- a/common/tlv.c ++++ b/common/tlv.c +@@ -222,6 +222,11 @@ parse_ber_header (unsigned char const **buffer, size_t *size, + *r_length = len; + } + ++ if (*r_length > *r_nhdr && (*r_nhdr + *r_length) < *r_length) ++ { ++ return gpg_err_make (default_errsource, GPG_ERR_EOVERFLOW); ++ } ++ + /* Without this kludge some example certs can't be parsed. */ + if (*r_class == CLASS_UNIVERSAL && !*r_tag) + *r_length = 0; +-- +2.27.0 +
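Review bot: In the check added to parse_ber_header, the first operand (*r_length > *r_nhdr) is not needed to detect wraparound and makes the condition harder to reason about. If both values are unsigned and of the same width, as the wraparound test implies, the sum has overflowed exactly when (*r_nhdr + *r_length) < *r_length, so that comparison alone is sufficient; writing it as *r_length > SIZE_MAX - *r_nhdr (for size_t operands) would state the intent without performing the wrapping addition at all. Two smaller points: the check sits before the "kludge" that resets *r_length to 0 for CLASS_UNIVERSAL with tag 0, so such a header carrying an oversized length now returns GPG_ERR_EOVERFLOW instead of being accepted with length 0, and it is worth confirming that this ordering is intended; and the braces around the single return statement differ from the brace-less single-statement style of the if that follows.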