From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mga04.intel.com (mga04.intel.com []) by mx.groups.io with SMTP id smtpd.web11.1661.1581566616018178782 for ; Wed, 12 Feb 2020 20:03:39 -0800 Authentication-Results: mx.groups.io; dkim=missing; spf=fail (domain: intel.com, ip: , mailfrom: dandan.bi@intel.com) X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from orsmga004.jf.intel.com ([10.7.209.38]) by fmsmga104.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 12 Feb 2020 20:03:38 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.70,434,1574150400"; d="scan'208";a="380976149" Received: from shwdeopenpsi114.ccr.corp.intel.com ([10.239.157.126]) by orsmga004.jf.intel.com with ESMTP; 12 Feb 2020 20:03:37 -0800 From: "Dandan Bi" To: devel@edk2.groups.io Cc: Liming Gao , Eric Dong , Jian J Wang Subject: [patch 2/2] MdeModulePkg/DisplayEngine: Zero memory before free (CVE-2019-14558) Date: Thu, 13 Feb 2020 12:03:03 +0800 Message-Id: <20200213040303.53336-3-dandan.bi@intel.com> X-Mailer: git-send-email 2.18.0.windows.1 In-Reply-To: <20200213040303.53336-1-dandan.bi@intel.com> References: <20200213040303.53336-1-dandan.bi@intel.com> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1611 Cc: Liming Gao Cc: Eric Dong Cc: Jian J Wang Signed-off-by: Dandan Bi --- MdeModulePkg/Universal/DisplayEngineDxe/ProcessOptions.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/MdeModulePkg/Universal/DisplayEngineDxe/ProcessOptions.c b/MdeModulePkg/Universal/DisplayEngineDxe/ProcessOptions.c index 7d9486112b..1087004939 100644 --- a/MdeModulePkg/Universal/DisplayEngineDxe/ProcessOptions.c +++ b/MdeModulePkg/Universal/DisplayEngineDxe/ProcessOptions.c @@ -821,10 +821,11 @@ PasswordProcess ( // // Old password exist, ask user for the old password // Status = ReadString (MenuOption, gPromptForPassword, StringPtr); if (EFI_ERROR (Status)) { + ZeroMem (StringPtr, (Maximum + 1) * sizeof (CHAR16)); FreePool (StringPtr); return Status; } // @@ -838,11 +839,11 @@ PasswordProcess ( // PasswordInvalid (); } else { Status = EFI_SUCCESS; } - + ZeroMem (StringPtr, (Maximum + 1) * sizeof (CHAR16)); FreePool (StringPtr); return Status; } } @@ -854,10 +855,11 @@ PasswordProcess ( if (EFI_ERROR (Status)) { // // Reset state machine for password // Question->PasswordCheck (gFormData, Question, NULL); + ZeroMem (StringPtr, (Maximum + 1) * sizeof (CHAR16)); FreePool (StringPtr); return Status; } // @@ -869,10 +871,12 @@ PasswordProcess ( if (EFI_ERROR (Status)) { // // Reset state machine for password // Question->PasswordCheck (gFormData, Question, NULL); + ZeroMem (StringPtr, (Maximum + 1) * sizeof (CHAR16)); + ZeroMem (TempString, (Maximum + 1) * sizeof (CHAR16)); FreePool (StringPtr); FreePool (TempString); return Status; } -- 2.18.0.windows.1