From: Long Qin <qin.long@intel.com>
To: ting.ye@intel.com, hao.a.wu@intel.com, edk2-devel@lists.01.org
Cc: Qin Long <qin.long@intel.com>
Subject: [PATCH] CryptoPkg/BaseCryptLib: Add NULL pointer checks in DH and P7Verify
Date: Fri, 19 May 2017 15:26:38 +0800 [thread overview]
Message-ID: <20170519072638.10232-1-qin.long@intel.com> (raw)
Add more NULL pointer checks before using them in DhGenerateKey and
Pkcs7GetCertificatesList functions to eliminate possible dereferenced
pointer issue.
Cc: Ting Ye <ting.ye@intel.com>
Cc: Hao Wu <hao.a.wu@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Qin Long <qin.long@intel.com>
---
CryptoPkg/Library/BaseCryptLib/Pk/CryptDh.c | 4 +++-
CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7Verify.c | 10 +++++++---
2 files changed, 10 insertions(+), 4 deletions(-)
diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptDh.c b/CryptoPkg/Library/BaseCryptLib/Pk/CryptDh.c
index f44684f907..391efd5c14 100644
--- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptDh.c
+++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptDh.c
@@ -232,7 +232,9 @@ DhGenerateKey (
return FALSE;
}
- BN_bn2bin (DhPubKey, PublicKey);
+ if (PublicKey != NULL) {
+ BN_bn2bin (DhPubKey, PublicKey);
+ }
*PublicKeySize = Size;
}
diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7Verify.c b/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7Verify.c
index 45d5df5e11..d564591cb7 100644
--- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7Verify.c
+++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7Verify.c
@@ -558,7 +558,9 @@ Pkcs7GetCertificatesList (
}
}
CtxUntrusted = X509_STORE_CTX_get0_untrusted (CertCtx);
- (VOID)sk_X509_delete_ptr (CtxUntrusted, Signer);
+ if (CtxUntrusted != NULL) {
+ (VOID)sk_X509_delete_ptr (CtxUntrusted, Signer);
+ }
//
// Build certificates stack chained from Signer's certificate.
@@ -711,8 +713,10 @@ _Error:
}
sk_X509_free (Signers);
- X509_STORE_CTX_cleanup (CertCtx);
- X509_STORE_CTX_free (CertCtx);
+ if (CertCtx != NULL) {
+ X509_STORE_CTX_cleanup (CertCtx);
+ X509_STORE_CTX_free (CertCtx);
+ }
if (SingleCert != NULL) {
free (SingleCert);
--
2.12.2.windows.2
next reply other threads:[~2017-05-19 7:27 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-05-19 7:26 Long Qin [this message]
2017-05-19 7:33 ` [PATCH] CryptoPkg/BaseCryptLib: Add NULL pointer checks in DH and P7Verify Wu, Hao A
2017-05-19 8:39 ` Ye, Ting
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-list from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20170519072638.10232-1-qin.long@intel.com \
--to=devel@edk2.groups.io \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox