From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mga07.intel.com (mga07.intel.com [134.134.136.100]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ml01.01.org (Postfix) with ESMTPS id D24672063E06C for ; Fri, 31 Mar 2017 22:40:32 -0700 (PDT) Received: from orsmga002.jf.intel.com ([10.7.209.21]) by orsmga105.jf.intel.com with ESMTP; 31 Mar 2017 22:40:32 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.36,256,1486454400"; d="scan'208";a="67679635" Received: from shwde6388.ccr.corp.intel.com ([10.239.9.17]) by orsmga002.jf.intel.com with ESMTP; 31 Mar 2017 22:40:28 -0700 From: Long Qin To: edk2-devel@lists.01.org Cc: ting.ye@intel.com, hao.a.wu@intel.com, feng.tian@intel.com, eric.dong@intel.com, lersek@redhat.com, Qin Long Date: Sat, 1 Apr 2017 13:38:33 +0800 Message-Id: <20170401053834.12856-4-qin.long@intel.com> X-Mailer: git-send-email 2.12.2.windows.1 In-Reply-To: <20170401053834.12856-1-qin.long@intel.com> References: <20170401053834.12856-1-qin.long@intel.com> Subject: [PATCH v2 3/4] CryptoPkg/BaseCryptLib: Adding NULL checking in time() wrapper. X-BeenThere: edk2-devel@lists.01.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: EDK II Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 01 Apr 2017 05:40:33 -0000 From: Qin Long There are some explicit time(NULL) calls in openssl-1.1.0xx source, but the dummy time() wrapper in ConstantTimeClock.c (used by PEI and SMM module) has no any checks on NULL parameter. This is one bug and will cause the memory access issue. This patch adds the NULL parameter checking in time() wrapper. Cc: Ting Ye Cc: Eric Dong Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Qin Long --- CryptoPkg/Library/BaseCryptLib/SysCall/ConstantTimeClock.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/CryptoPkg/Library/BaseCryptLib/SysCall/ConstantTimeClock.c b/CryptoPkg/Library/BaseCryptLib/SysCall/ConstantTimeClock.c index 7f20164999..0cd90434ca 100644 --- a/CryptoPkg/Library/BaseCryptLib/SysCall/ConstantTimeClock.c +++ b/CryptoPkg/Library/BaseCryptLib/SysCall/ConstantTimeClock.c @@ -31,8 +31,10 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. time_t time (time_t *timer) { - *timer = 0; - return *timer; + if (timer != NULL) { + *timer = 0; + } + return 0; } struct tm * gmtime (const time_t *timer) -- 2.12.2.windows.1