Message ID | adfef3b7-12e2-c7fc-ea7b-28e49186087b@chocky.org |
---|---|
State | Not Applicable |
Delegated to: | Petr Štetiar |
Headers | show |
Series | CVE-2020-15888 - libtasn1 | expand |
Hi Peter, Can you resend this as a proper patch ready to be applied ? Or as a PR on Github if this is easier for you ? Le jeu. 3 nov. 2022 à 10:26, Peter Naulls <peter@chocky.org> a écrit : > > > https://nvd.nist.gov/vuln/detail/CVE-2021-46848 > > Against openwrt-22.03 > > --- /dev/null > +++ b/libs/libtasn1/patches/099-CVE-2020-15888.patch CVE link and patch name do not match > @@ -0,0 +1,11 @@ > +--- a/lib/int.h 2022-11-03 10:15:01.065656767 -0400 > ++++ b/lib/int.h 2022-11-03 10:15:39.333658083 -0400 > +@@ -97,7 +97,7 @@ > + #define ETYPE_TAG(etype) (_asn1_tags[etype].tag) > + #define ETYPE_CLASS(etype) (_asn1_tags[etype].class) > + #define ETYPE_OK(etype) (((etype) != ASN1_ETYPE_INVALID && \ > +- (etype) <= _asn1_tags_size && \ > ++ (etype) < _asn1_tags_size && \ > + _asn1_tags[(etype)].desc != NULL)?1:0) > + > + #define ETYPE_IS_STRING(etype) ((etype == ASN1_ETYPE_GENERALSTRING || \
--- /dev/null +++ b/libs/libtasn1/patches/099-CVE-2020-15888.patch @@ -0,0 +1,11 @@ +--- a/lib/int.h 2022-11-03 10:15:01.065656767 -0400 ++++ b/lib/int.h 2022-11-03 10:15:39.333658083 -0400 +@@ -97,7 +97,7 @@ + #define ETYPE_TAG(etype) (_asn1_tags[etype].tag) + #define ETYPE_CLASS(etype) (_asn1_tags[etype].class) + #define ETYPE_OK(etype) (((etype) != ASN1_ETYPE_INVALID && \ +- (etype) <= _asn1_tags_size && \ ++ (etype) < _asn1_tags_size && \ + _asn1_tags[(etype)].desc != NULL)?1:0) + + #define ETYPE_IS_STRING(etype) ((etype == ASN1_ETYPE_GENERALSTRING || \