From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <qin.long@intel.com>
Received-SPF: Pass (sender SPF authorized) identity=mailfrom;
 client-ip=192.55.52.88; helo=mga01.intel.com; envelope-from=qin.long@intel.com;
 receiver=edk2-devel@lists.01.org 
Received: from mga01.intel.com (mga01.intel.com [192.55.52.88])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (No client certificate requested)
 by ml01.01.org (Postfix) with ESMTPS id 4A59021C913B0
 for <edk2-devel@lists.01.org>; Wed,  1 Nov 2017 01:16:05 -0700 (PDT)
Received: from fmsmga005.fm.intel.com ([10.253.24.32])
 by fmsmga101.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384;
 01 Nov 2017 01:19:57 -0700
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="5.44,327,1505804400"; d="scan'208";a="169841499"
Received: from shwdepsi940.ccr.corp.intel.com ([10.239.9.122])
 by fmsmga005.fm.intel.com with ESMTP; 01 Nov 2017 01:19:56 -0700
From: Long Qin <qin.long@intel.com>
To: edk2-devel@lists.01.org
Cc: jian.j.wang@intel.com,
	ting.ye@intel.com,
	lersek@redhat.com
Date: Wed,  1 Nov 2017 16:19:25 +0800
Message-Id: <20171101081927.12160-1-qin.long@intel.com>
X-Mailer: git-send-email 2.14.1.windows.1
Subject: [PATCH v2 0/2] CryptoPkg/BaseCryptLib: Correct CRT realloc Wrapper
X-BeenThere: edk2-devel@lists.01.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: EDK II Development  <edk2-devel.lists.01.org>
List-Unsubscribe: <https://lists.01.org/mailman/options/edk2-devel>,
 <mailto:edk2-devel-request@lists.01.org?subject=unsubscribe>
List-Archive: <http://lists.01.org/pipermail/edk2-devel/>
List-Post: <mailto:edk2-devel@lists.01.org>
List-Help: <mailto:edk2-devel-request@lists.01.org?subject=help>
List-Subscribe: <https://lists.01.org/mailman/listinfo/edk2-devel>,
 <mailto:edk2-devel-request@lists.01.org?subject=subscribe>
X-List-Received-Date: Wed, 01 Nov 2017 08:16:05 -0000

V2 Update: Add NULL check for memory allocation failure.

There is one long-standing problem in current CRT realloc wrapper
implementation, which will cause the obvious buffer overflow issue
when re-allocating memory block.
One BZ report: https://bugzilla.tianocore.org/show_bug.cgi?id=605

This patch series is to fix this buffer overflow issue by introducing
one extra header to record the memory buffer size information.
And extra comments were also added to clarify the memory release routines
if the caller is required to free the memory block outside the function.

Long Qin (2):
  CryptoPkg/BaseCryptLib: Fix buffer overflow issue in realloc wrapper
  CryptoPkg/BaseCryptLib: Fix mismatched memory allocation/free

 CryptoPkg/Include/Library/BaseCryptLib.h           | 16 +++--
 CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7Sign.c |  5 +-
 .../Library/BaseCryptLib/Pk/CryptPkcs7SignNull.c   |  3 +-
 .../Library/BaseCryptLib/Pk/CryptPkcs7Verify.c     | 15 ++--
 .../Library/BaseCryptLib/Pk/CryptPkcs7VerifyNull.c | 13 ++--
 .../BaseCryptLib/SysCall/BaseMemAllocation.c       | 83 ++++++++++++++++++++--
 6 files changed, 108 insertions(+), 27 deletions(-)

-- 
2.14.1.windows.1