From 90c88731bd036e5698b281fbc0a5f3aa4c9983ac Mon Sep 17 00:00:00 2001
From: V3n3RiX
Date: Mon, 29 Jun 2020 11:38:31 +0100
Subject: gentoo resync : 29.06.2020
---
.../files/Convert-ASN1-0.270.0-CVE-2013-7488.patch | 45 ++++++++++++++++++++++
1 file changed, 45 insertions(+)
create mode 100644 dev-perl/Convert-ASN1/files/Convert-ASN1-0.270.0-CVE-2013-7488.patch
(limited to 'dev-perl/Convert-ASN1/files')
diff --git a/dev-perl/Convert-ASN1/files/Convert-ASN1-0.270.0-CVE-2013-7488.patch b/dev-perl/Convert-ASN1/files/Convert-ASN1-0.270.0-CVE-2013-7488.patch
new file mode 100644
index 000000000000..1922eceaa300
--- /dev/null
+++ b/dev-perl/Convert-ASN1/files/Convert-ASN1-0.270.0-CVE-2013-7488.patch
@@ -0,0 +1,45 @@
+From ce148a2e0872b708450005cf0b3a944014aae990 Mon Sep 17 00:00:00 2001
+From: Dana Jacobsen
+Date: Tue, 29 Oct 2013 08:37:48 -0700
+Subject: [PATCH 1/2] Fix unsafe decoding in indef case
+
+Bug: https://github.com/gbarr/perl-Convert-ASN1/pull/15
+---
+ lib/Convert/ASN1/_decode.pm | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/lib/Convert/ASN1/_decode.pm b/lib/Convert/ASN1/_decode.pm
+index e811e8d..eb2b584 100644
+--- a/lib/Convert/ASN1/_decode.pm
++++ b/lib/Convert/ASN1/_decode.pm
+@@ -685,6 +685,7 @@ sub _scan_indef {
+ if((ord($tag) & 0x1f) == 0x1f) {
+ my $b;
+ do {
++ return if $pos >= $end;
+ $tag .= substr($_[0],$pos++,1);
+ $b = ord substr($tag,-1);
+ } while($b & 0x80);
+
+From 8125d99e15596fee1b5f904ed74a76bccf54082d Mon Sep 17 00:00:00 2001
+From: Dana Jacobsen
+Date: Tue, 29 Oct 2013 08:53:09 -0700
+Subject: [PATCH 2/2] Add second part of position check
+
+Bug: https://github.com/gbarr/perl-Convert-ASN1/pull/15
+---
+ lib/Convert/ASN1/_decode.pm | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/lib/Convert/ASN1/_decode.pm b/lib/Convert/ASN1/_decode.pm
+index eb2b584..67b95aa 100644
+--- a/lib/Convert/ASN1/_decode.pm
++++ b/lib/Convert/ASN1/_decode.pm
+@@ -679,6 +679,7 @@ sub _scan_indef {
+ $pos += 2;
+ next;
+ }
++ return if $pos >= $end;
+
+ my $tag = substr($_[0], $pos++, 1);
+
--
cgit v1.2.3
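Review bot: Both added `return if $pos >= $end;` guards in `_scan_indef` are uncommented and ship without a regression test, since each upstream commit's diffstat lists only `lib/Convert/ASN1/_decode.pm`. I would annotate the guard inside the `do { ... } while($b & 0x80)` loop with `# input ended inside a long-form tag; without this the loop appears to keep re-testing the previous byte`, and the one before `my $tag = substr(...)` with `# no bytes left to read a tag from`. A test that decodes a buffer truncated in the middle of a multi-byte tag, run under a short timeout, would pin the behaviour this CVE-2013-7488 patch is meant to guarantee. The bare `return` presumably reports failure to the caller, which should be confirmed because `_scan_indef` starts and ends outside both inner hunks. This view is also limited to `files/`, so it is worth checking that the ebuild actually applies the patch and that the package revision changes, so installed systems pick it up.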