From 0124258ffcb13a156eb8ccf1167d5f614ea1e364 Mon Sep 17 00:00:00 2001
From: Qiumiao Zhang <zhangqiumiao1@huawei.com>
Date: Wed, 5 Jun 2024 02:03:28 +0000
Subject: [PATCH] lib/libtasn1: Fix ETYPE_OK off by one array size check

Signed-off-by: Qiumiao Zhang <zhangqiumiao1@huawei.com>
(cherry picked from commit 4155120fe548cfc7cff865d1b938514a7d25da28)
---
 ...btasn1-Fix-ETYPE_OK-off-by-one-array.patch | 29 +++++++++++++++++++
 grub.patches                                  |  1 +
 grub2.spec                                    |  8 ++++-
 3 files changed, 37 insertions(+), 1 deletion(-)
 create mode 100644 backport-CVE-2021-46848-lib-libtasn1-Fix-ETYPE_OK-off-by-one-array.patch

diff --git a/backport-CVE-2021-46848-lib-libtasn1-Fix-ETYPE_OK-off-by-one-array.patch b/backport-CVE-2021-46848-lib-libtasn1-Fix-ETYPE_OK-off-by-one-array.patch
new file mode 100644
index 0000000..2846bd8
--- /dev/null
+++ b/backport-CVE-2021-46848-lib-libtasn1-Fix-ETYPE_OK-off-by-one-array.patch
@@ -0,0 +1,29 @@
+From 3395407f083eae362637d7a29e31c97008a57f4f Mon Sep 17 00:00:00 2001
+From: Simon Josefsson <simon@josefsson.org>
+Date: Wed, 17 Aug 2022 12:25:06 +0200
+Subject: [PATCH] lib/libtasn1: Fix ETYPE_OK off by one array size check
+
+Reported by David Trabish in
+<https://gitlab.com/gnutls/libtasn1/-/issues/32>.
+
+Signed-off-by: Simon Josefsson <simon@josefsson.org>
+---
+ grub-core/lib/libtasn1/lib/int.h | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/grub-core/lib/libtasn1/lib/int.h b/grub-core/lib/libtasn1/lib/int.h
+index edfe84a..c15bfa6 100644
+--- a/grub-core/lib/libtasn1/lib/int.h
++++ b/grub-core/lib/libtasn1/lib/int.h
+@@ -97,7 +97,7 @@ typedef struct tag_and_class_st
+ # define ETYPE_TAG(etype) (_asn1_tags[etype].tag)
+ # define ETYPE_CLASS(etype) (_asn1_tags[etype].class)
+ # define ETYPE_OK(etype) (((etype) != ASN1_ETYPE_INVALID && \
+-                          (etype) <= _asn1_tags_size && \
++                          (etype) < _asn1_tags_size && \
+                           _asn1_tags[(etype)].desc != NULL)?1:0)
+ 
+ # define ETYPE_IS_STRING(etype) ((etype == ASN1_ETYPE_GENERALSTRING || \
+-- 
+2.33.0
+
diff --git a/grub.patches b/grub.patches
index 6e08bf2..0090e23 100644
--- a/grub.patches
+++ b/grub.patches
@@ -232,3 +232,4 @@ Patch231:       loongarch64-fix-GRUB_EFI_MAX_ALLOCATION_ADDRESS-unde.patch
 Patch232:       modify-efi_max_usable-addr.patch
 Patch233:       LoongArch-Add-back-compatibility-for-linux-kernel.patch
 Patch234:       Fix-that-patch-28dcf48482-introduced-old-code.patch
+Patch235:       backport-CVE-2021-46848-lib-libtasn1-Fix-ETYPE_OK-off-by-one-array.patch
diff --git a/grub2.spec b/grub2.spec
index 70a6c06..500d9f6 100644
--- a/grub2.spec
+++ b/grub2.spec
@@ -14,7 +14,7 @@
 Name:		grub2
 Epoch:		1
 Version:	2.12
-Release:	14
+Release:	15
 Summary:	Bootloader with support for Linux, Multiboot and more
 License:	GPLv3+
 URL:		http://www.gnu.org/software/grub/
@@ -447,6 +447,12 @@ fi
 %{_datadir}/man/man*
 
 %changelog
+* Wed Jun 5 2024 zhangqiumiao <zhangqiumiao1@huawei.com> - 1:2.12-15
+- Type:CVE
+- CVE:CVE-2021-46848
+- SUG:NA
+- DESC:lib/libtasn1: Fix ETYPE_OK off by one array size check
+
 * Tue May 28 2024 liuxue <liuxue@loongson.cn> - 1:2.12-14
 - Type:bugfix
 - CVE:NA
-- 
Gitee