Fix CVE-2017-10790: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10790 Patch copied from upstream source repository: https://git.savannah.nongnu.org/cgit/libtasn1.git/commit/?id=d8d805e1f2e6799bb2dff4871a8598dc83088a39 From d8d805e1f2e6799bb2dff4871a8598dc83088a39 Mon Sep 17 00:00:00 2001 From: Nikos Mavrogiannopoulos Date: Thu, 22 Jun 2017 16:31:37 +0200 Subject: [PATCH] _asn1_check_identifier: safer access to values read Signed-off-by: Nikos Mavrogiannopoulos --- lib/parser_aux.c | 17 ++++++++++++----- 1 file changed, 12 insertions(+), 5 deletions(-) diff --git a/lib/parser_aux.c b/lib/parser_aux.c index 976ab38..786ea64 100644 --- a/lib/parser_aux.c +++ b/lib/parser_aux.c @@ -955,7 +955,7 @@ _asn1_check_identifier (asn1_node node) if (p2 == NULL) { if (p->value) - _asn1_strcpy (_asn1_identifierMissing, p->value); + _asn1_str_cpy (_asn1_identifierMissing, sizeof(_asn1_identifierMissing), (char*)p->value); else _asn1_strcpy (_asn1_identifierMissing, "(null)"); return ASN1_IDENTIFIER_NOT_FOUND; @@ -968,9 +968,15 @@ _asn1_check_identifier (asn1_node node) if (p2 && (type_field (p2->type) == ASN1_ETYPE_DEFAULT)) { _asn1_str_cpy (name2, sizeof (name2), node->name); - _asn1_str_cat (name2, sizeof (name2), "."); - _asn1_str_cat (name2, sizeof (name2), (char *) p2->value); - _asn1_strcpy (_asn1_identifierMissing, p2->value); + if (p2->value) + { + _asn1_str_cat (name2, sizeof (name2), "."); + _asn1_str_cat (name2, sizeof (name2), (char *) p2->value); + _asn1_str_cpy (_asn1_identifierMissing, sizeof(_asn1_identifierMissing), (char*)p2->value); + } + else + _asn1_strcpy (_asn1_identifierMissing, "(null)"); + p2 = asn1_find_node (node, name2); if (!p2 || (type_field (p2->type) != ASN1_ETYPE_OBJECT_ID) || !(p2->type & CONST_ASSIGN)) @@ -990,7 +996,8 @@ _asn1_check_identifier (asn1_node node) _asn1_str_cpy (name2, sizeof (name2), node->name); _asn1_str_cat (name2, sizeof (name2), "."); _asn1_str_cat (name2, sizeof (name2), (char *) p2->value); - _asn1_strcpy (_asn1_identifierMissing, p2->value); + _asn1_str_cpy (_asn1_identifierMissing, sizeof(_asn1_identifierMissing), (char*)p2->value); + p2 = asn1_find_node (node, name2); if (!p2 || (type_field (p2->type) != ASN1_ETYPE_OBJECT_ID) || !(p2->type & CONST_ASSIGN)) -- 2.13.3 ='/guix/log/gnu/services/herd.scm?id=f8072794e4b3cc4e812bd8f52551ab34be206f0e&showmsg=1'>Expand)Author 2020-03-03services: herd: Add restart-service....* gnu/services/herd.scm (restart-service): New exported procedure. Mathieu Othacehe 2019-10-18herd: Define 'shepherd-message-port'....* gnu/services/herd.scm (shepherd-message-port): New variable. (display-message): Use it instead of 'current-error-port'. Ludovic Courtès 2019-07-26guix system: Add 'reconfigure' module....* guix/scripts/system/reconfigure.scm: New file. * Makefile.am (MODULES): Add it. * guix/scripts/system.scm (bootloader-installer-script): Export variable. * gnu/machine/ssh.scm (switch-to-system, upgrade-shepherd-services) (install-bootloader): Delete variable. * gnu/machine/ssh.scm (deploy-managed-host): Rewrite procedure. * gnu/services/herd.scm (live-service): Export variable. * gnu/services/herd.scm (live-service-canonical-name): New variable. * tests/services.scm (live-service): Delete variable. Signed-off-by: Ludovic Courtès <ludo@gnu.org> Jakob L. Kreuze 2019-06-02herd: Use the Guile 2.2 'setvbuf' API....* gnu/services/herd.scm (open-connection): Use 'block for 'setvbuf'. Ludovic Courtès