From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <qin.long@intel.com>
Received: from mga03.intel.com (mga03.intel.com [134.134.136.65])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (No client certificate requested)
 by ml01.01.org (Postfix) with ESMTPS id 5FDC921A04826
 for <edk2-devel@lists.01.org>; Fri, 31 Mar 2017 10:05:48 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple;
 d=intel.com; i=@intel.com; q=dns/txt; s=intel;
 t=1490979948; x=1522515948;
 h=from:to:cc:subject:date:message-id:in-reply-to: references;
 bh=HV7FN2nMbXFOQuxpULF85tfDoXuSXOMSqzhmN1zudE0=;
 b=ttgDEKYUZA29oEGFxwEZCMvHtInad58U1lVXpxVDTjRIdBYdzo2LTvOv
 M/4H2WigJTz29a4wzOBJfwTh+GJfjw==;
Received: from fmsmga004.fm.intel.com ([10.253.24.48])
 by orsmga103.jf.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384;
 31 Mar 2017 10:05:47 -0700
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="5.36,252,1486454400"; d="scan'208";a="242519957"
Received: from shwde6388.ccr.corp.intel.com ([10.239.9.17])
 by fmsmga004.fm.intel.com with ESMTP; 31 Mar 2017 10:05:45 -0700
From: Qin Long <qin.long@intel.com>
To: edk2-devel@lists.01.org
Cc: ting.ye@intel.com, lersek@redhat.com, hao.a.wu@intel.com,
 feng.tian@intel.com, eric.dong@intel.com
Date: Sat,  1 Apr 2017 01:05:16 +0800
Message-Id: <20170331170517.4672-4-qin.long@intel.com>
X-Mailer: git-send-email 2.12.2.windows.1
In-Reply-To: <20170331170517.4672-1-qin.long@intel.com>
References: <20170331170517.4672-1-qin.long@intel.com>
Subject: [Patch 3/4] CryptoPkg/BaseCryptLib: Adding NULL checking in timer() wrapper.
X-BeenThere: edk2-devel@lists.01.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: EDK II Development  <edk2-devel.lists.01.org>
List-Unsubscribe: <https://lists.01.org/mailman/options/edk2-devel>,
 <mailto:edk2-devel-request@lists.01.org?subject=unsubscribe>
List-Archive: <http://lists.01.org/pipermail/edk2-devel/>
List-Post: <mailto:edk2-devel@lists.01.org>
List-Help: <mailto:edk2-devel-request@lists.01.org?subject=help>
List-Subscribe: <https://lists.01.org/mailman/listinfo/edk2-devel>,
 <mailto:edk2-devel-request@lists.01.org?subject=subscribe>
X-List-Received-Date: Fri, 31 Mar 2017 17:05:48 -0000

There are some explicit timer(NULL) calls in openssl-1.1.0xx source,
but the dummy timer() wrapper in ConstantTimeClock.c (used by PEI
and SMM module) has no any checks on NULL parameter. This will
cause the memory access issue.
This patch adds the NULL parameter checking in timer() wrapper.

Cc: Ting Ye <ting.ye@intel.com>
Cc: Eric Dong <eric.dong@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Qin Long <qin.long@intel.com>
---
 CryptoPkg/Library/BaseCryptLib/SysCall/ConstantTimeClock.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/CryptoPkg/Library/BaseCryptLib/SysCall/ConstantTimeClock.c b/CryptoPkg/Library/BaseCryptLib/SysCall/ConstantTimeClock.c
index 7f20164999..0cd90434ca 100644
--- a/CryptoPkg/Library/BaseCryptLib/SysCall/ConstantTimeClock.c
+++ b/CryptoPkg/Library/BaseCryptLib/SysCall/ConstantTimeClock.c
@@ -31,8 +31,10 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
 
 time_t time (time_t *timer)
 {
-  *timer = 0;
-  return *timer;
+  if (timer != NULL) {
+    *timer = 0;
+  }
+  return 0;
 }
 
 struct tm * gmtime (const time_t *timer)
-- 
2.12.2.windows.1