[review,scarthgap] libtasn1: Stack-based_buffer_overflow_fix

Message ID 20260112160031.71913-1-amaury.couderc@est.tech
State Superseded, archived
Delegated to: Yoann Congal
Series [review,scarthgap] libtasn1: Stack-based_buffer_overflow_fix

Commit Message

Amaury Couderc Jan. 12, 2026, 4 p.m. UTC
From: Amaury Couderc <amaury.couderc@est.tech>

Signed-off-by: Amaury Couderc <amaury.couderc@est.tech>
---
 .../gnutls/libtasn1/CVE-2025-13151.patch      | 36 +++++++++++++++++++
 .../recipes-support/gnutls/libtasn1_4.20.0.bb |  1 +
 2 files changed, 37 insertions(+)
 create mode 100644 meta/recipes-support/gnutls/libtasn1/CVE-2025-13151.patch

Comments

Quentin Schulz Jan. 12, 2026, 4:05 p.m. UTC | #1
Hi Amaury,

Is there any reason why this patch is only targeting scarthgap? Are 
master, whinlatter and kirkstone (the currently supported releases) not 
impacted? If so, why?

Cheers,
Quentin

Quentin Schulz Jan. 13, 2026, 9:33 a.m. UTC | #2
Hi Amaury,

Please use "Reply All" when answering to mails on the mailing list so 
that the conversation stays public and is archived, adding the ML back 
in Cc myself.

On 1/13/26 10:10 AM, Amaury Couderc wrote:
> Hi Quentin,
> 
> I tested the patch on scarthgap, but I think it should be applicable on all the releases.
> 

https://docs.yoctoproject.org/contributor-guide/submit-changes.html#submitting-changes-to-stable-release-branches

This is then clearly matching the description in point 2.2. It must be 
tested and sent against master first and then it can be backported to 
older-but-still-supported releases afterwards.

Thanks,
Quentin

Amaury Couderc Jan. 13, 2026, 10:04 a.m. UTC | #3
Hi Quentin,

My bad, I will do that for future emails.

Kind Regards,

Amaury

Patch

diff --git a/meta/recipes-support/gnutls/libtasn1/CVE-2025-13151.patch b/meta/recipes-support/gnutls/libtasn1/CVE-2025-13151.patch
new file mode 100644
index 0000000000..6ece045643
--- /dev/null
+++ b/meta/recipes-support/gnutls/libtasn1/CVE-2025-13151.patch
@@ -0,0 +1,36 @@ 
+From d6dbdff9a87e277c5c42adca935b32b5f99b464f Mon Sep 17 00:00:00 2001
+From: Vijay Sarvepalli <vssarvepalli@cert.org>
+Date: Mon, 12 Jan 2026 10:49:46 +0100
+Subject: [PATCH] CVE-2025-13151
+
+Stack-based buffer overflow in libtasn1 version: v4.20.0. 
+The function fails to validate the size of input data 
+resulting in a buffer overflow in asn1_expend_octet_string.
+
+Fixes CVE-2025-13151
+CVE-2025-13151
+
+Upstream-Status: Backport
+[https://gitlab.com/gnutls/libtasn1/-/merge_requests/121/diffs?commit_id=305377bad9ab87f461a2adcbb056c424cd56d03a]
+
+Signed-off-by: Amaury Couderc <amaury.couderc@est.tech>
+---
+ lib/decoding.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/lib/decoding.c b/lib/decoding.c
+index 1e0fcb3..abcb49f 100644
+--- a/lib/decoding.c
++++ b/lib/decoding.c
+@@ -1983,7 +1983,7 @@ int
+ asn1_expand_octet_string (asn1_node_const definitions, asn1_node *element,
+ 			  const char *octetName, const char *objectName)
+ {
+-  char name[2 * ASN1_MAX_NAME_SIZE + 1], value[ASN1_MAX_NAME_SIZE];
++  char name[2 * ASN1_MAX_NAME_SIZE + 2], value[ASN1_MAX_NAME_SIZE];
+   int retCode = ASN1_SUCCESS, result;
+   int len, len2, len3;
+   asn1_node_const p2;
+-- 
+2.43.0
+
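Review bot: The header of the embedded patch carries the CVE as a bare `CVE-2025-13151` line after `Fixes CVE-2025-13151`; replace both with a single `CVE: CVE-2025-13151` tag next to `Upstream-Status:`, which is the form OE-core patch headers use. The description also names `asn1_expend_octet_string`, while the function changed in the hunk is `asn1_expand_octet_string`. The fix itself grows `name` from `2 * ASN1_MAX_NAME_SIZE + 1` to `2 * ASN1_MAX_NAME_SIZE + 2`, but the context lines do not show the write that overruns it, so the description should say which write needs the extra byte to let a reviewer confirm that one byte is enough. The `Upstream-Status` link points at a merge request diff view (`merge_requests/121/diffs?commit_id=...`); if the change is merged, reference the upstream commit directly.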
diff --git a/meta/recipes-support/gnutls/libtasn1_4.20.0.bb b/meta/recipes-support/gnutls/libtasn1_4.20.0.bb
index 8127ba5b1d..bfc011a2f1 100644
--- a/meta/recipes-support/gnutls/libtasn1_4.20.0.bb
+++ b/meta/recipes-support/gnutls/libtasn1_4.20.0.bb
@@ -11,6 +11,7 @@  LIC_FILES_CHKSUM = "file://COPYING;md5=1ebbd3e34237af26da5dc08a4e440464 \
 
 SRC_URI = "${GNU_MIRROR}/libtasn1/libtasn1-${PV}.tar.gz \
            file://dont-depend-on-help2man.patch \
+           file://CVE-2025-13151.patch \
            "
 
 DEPENDS = "bison-native"
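Review bot: The `file://CVE-2025-13151.patch \` line added to `SRC_URI` is the whole recipe change, yet the commit message that carries it has no body, only a `Signed-off-by`. Add a short body that names CVE-2025-13151, summarizes the overflow in `asn1_expand_octet_string` and points at the upstream change, so the fix can be understood from the log without opening the patch file. A subject that names the CVE, for example "libtasn1: fix CVE-2025-13151", would also be easier to find than `Stack-based_buffer_overflow_fix`.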