From 3a1730cddcf2adb90e8241b72244d7e2684cb26b Mon Sep 17 00:00:00 2001
From: Qiumiao Zhang <zhangqiumiao1@huawei.com>
Date: Tue, 4 Jun 2024 07:27:37 +0000
Subject: [PATCH] lib/libtasn1: Fix ETYPE_OK off by one array size check

Signed-off-by: Qiumiao Zhang <zhangqiumiao1@huawei.com>
---
 ...btasn1-Fix-ETYPE_OK-off-by-one-array.patch | 29 +++++++++++++++++++
 grub.patches                                  |  1 +
 grub2.spec                                    |  8 ++++-
 3 files changed, 37 insertions(+), 1 deletion(-)
 create mode 100644 backport-CVE-2021-46848-lib-libtasn1-Fix-ETYPE_OK-off-by-one-array.patch

diff --git a/backport-CVE-2021-46848-lib-libtasn1-Fix-ETYPE_OK-off-by-one-array.patch b/backport-CVE-2021-46848-lib-libtasn1-Fix-ETYPE_OK-off-by-one-array.patch
new file mode 100644
index 0000000..9aad6cf
--- /dev/null
+++ b/backport-CVE-2021-46848-lib-libtasn1-Fix-ETYPE_OK-off-by-one-array.patch
@@ -0,0 +1,29 @@
+From 3395407f083eae362637d7a29e31c97008a57f4f Mon Sep 17 00:00:00 2001
+From: Simon Josefsson <simon@josefsson.org>
+Date: Wed, 17 Aug 2022 12:25:06 +0200
+Subject: [PATCH] lib/libtasn1: Fix ETYPE_OK off by one array size check
+
+Reported by David Trabish in
+<https://gitlab.com/gnutls/libtasn1/-/issues/32>.
+
+Signed-off-by: Simon Josefsson <simon@josefsson.org>
+---
+ grub-core/lib/libtasn1/lib/int.h | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/grub-core/lib/libtasn1/lib/int.h b/grub-core/lib/libtasn1/lib/int.h
+index 4a568ef..65e7087 100644
+--- a/grub-core/lib/libtasn1/lib/int.h
++++ b/grub-core/lib/libtasn1/lib/int.h
+@@ -97,7 +97,7 @@ typedef struct tag_and_class_st
+ #define ETYPE_TAG(etype) (_asn1_tags[etype].tag)
+ #define ETYPE_CLASS(etype) (_asn1_tags[etype].class)
+ #define ETYPE_OK(etype) (((etype) != ASN1_ETYPE_INVALID && \
+-                          (etype) <= _asn1_tags_size && \
++                          (etype) < _asn1_tags_size && \
+                           _asn1_tags[(etype)].desc != NULL)?1:0)
+ 
+ #define ETYPE_IS_STRING(etype) ((etype == ASN1_ETYPE_GENERALSTRING || \
+-- 
+2.33.0
+
diff --git a/grub.patches b/grub.patches
index 2a4f045..8cc2370 100644
--- a/grub.patches
+++ b/grub.patches
@@ -349,3 +349,4 @@ Patch0349: backport-commands-acpi-Fix-calculation-of-ACPI-tables-address.patch
 Patch0350: backport-CVE-2024-1048-grub-set-bootflag-Conservative-partial-fix.patch
 Patch0351: backport-CVE-2024-1048-grub-set-bootflag-More-complete-fix.patch
 Patch0352: backport-CVE-2024-1048-grub-set-bootflag-Exit-calmly-when-not.patch
+Patch0353: backport-CVE-2021-46848-lib-libtasn1-Fix-ETYPE_OK-off-by-one-array.patch
diff --git a/grub2.spec b/grub2.spec
index 93cb06e..cc3bd7a 100644
--- a/grub2.spec
+++ b/grub2.spec
@@ -14,7 +14,7 @@
 Name:		grub2
 Epoch:		1
 Version:	2.06
-Release:	45
+Release:	46
 Summary:	Bootloader with support for Linux, Multiboot and more
 License:	GPLv3+
 URL:		http://www.gnu.org/software/grub/
@@ -453,6 +453,12 @@ fi
 %{_datadir}/man/man*
 
 %changelog
+* Tue Jun 4 2024 zhangqiumiao <zhangqiumiao1@huawei.com> - 1:2.06-46
+- Type:CVE
+- CVE:CVE-2021-46848
+- SUG:NA
+- DESC:lib/libtasn1: Fix ETYPE_OK off by one array size check
+
 * Thu Mar 14 2024 chenyuanfeng <yuanfeng.chen@shingroup.cn> - 1:2.06-45
 - Type:bugfix
 - CVE:NA
-- 
Gitee