From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <qin.long@intel.com>
Received-SPF: Pass (sender SPF authorized) identity=mailfrom;
 client-ip=134.134.136.65; helo=mga03.intel.com;
 envelope-from=qin.long@intel.com; receiver=edk2-devel@lists.01.org 
Received: from mga03.intel.com (mga03.intel.com [134.134.136.65])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (No client certificate requested)
 by ml01.01.org (Postfix) with ESMTPS id E8C6B2034AB35
 for <edk2-devel@lists.01.org>; Tue, 31 Oct 2017 01:36:28 -0700 (PDT)
Received: from fmsmga006.fm.intel.com ([10.253.24.20])
 by orsmga103.jf.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384;
 31 Oct 2017 01:40:19 -0700
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="5.44,323,1505804400"; d="scan'208";a="169920587"
Received: from shwdepsi940.ccr.corp.intel.com ([10.239.9.122])
 by fmsmga006.fm.intel.com with ESMTP; 31 Oct 2017 01:40:18 -0700
From: Long Qin <qin.long@intel.com>
To: edk2-devel@lists.01.org
Cc: ting.ye@intel.com,
	lersek@redhat.com,
	jian.j.wang@intel.com
Date: Tue, 31 Oct 2017 16:39:28 +0800
Message-Id: <20171031083930.12800-1-qin.long@intel.com>
X-Mailer: git-send-email 2.14.1.windows.1
Subject: [PATCH 0/2] CryptoPkg/BaseCryptLib: Correct CRT realloc Wrapper
X-BeenThere: edk2-devel@lists.01.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: EDK II Development  <edk2-devel.lists.01.org>
List-Unsubscribe: <https://lists.01.org/mailman/options/edk2-devel>,
 <mailto:edk2-devel-request@lists.01.org?subject=unsubscribe>
List-Archive: <http://lists.01.org/pipermail/edk2-devel/>
List-Post: <mailto:edk2-devel@lists.01.org>
List-Help: <mailto:edk2-devel-request@lists.01.org?subject=help>
List-Subscribe: <https://lists.01.org/mailman/listinfo/edk2-devel>,
 <mailto:edk2-devel-request@lists.01.org?subject=subscribe>
X-List-Received-Date: Tue, 31 Oct 2017 08:36:29 -0000

There is one long-standing problem in current CRT realloc wrapper
implementation, which will cause the obvious buffer overflow issue
when re-allocating memory block.
One BZ report: https://bugzilla.tianocore.org/show_bug.cgi?id=605

This patch series is to fix this buffer overflow issue by introducing
one extra header to record the memory buffer size information.
And extra comments were also added to clarify the memory release routines
if the caller is required to free the memory block outside the function.

Long Qin (2):
  CryptoPkg/BaseCryptLib: Fix buffer overflow issue in realloc wrapper
  CryptoPkg/BaseCryptLib: Fix mismatched memory allocation/free

 CryptoPkg/Include/Library/BaseCryptLib.h           | 16 +++--
 CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7Sign.c |  5 +-
 .../Library/BaseCryptLib/Pk/CryptPkcs7SignNull.c   |  3 +-
 .../Library/BaseCryptLib/Pk/CryptPkcs7Verify.c     | 15 +++--
 .../Library/BaseCryptLib/Pk/CryptPkcs7VerifyNull.c | 13 ++--
 .../BaseCryptLib/SysCall/BaseMemAllocation.c       | 72 +++++++++++++++++++---
 6 files changed, 97 insertions(+), 27 deletions(-)

-- 
2.14.1.windows.1