From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mga14.intel.com (mga14.intel.com [192.55.52.115]) by mx.groups.io with SMTP id smtpd.web12.63179.1629330322649603814 for ; Wed, 18 Aug 2021 16:45:23 -0700 Authentication-Results: mx.groups.io; dkim=missing; spf=pass (domain: intel.com, ip: 192.55.52.115, mailfrom: michael.d.kinney@intel.com) X-IronPort-AV: E=McAfee;i="6200,9189,10080"; a="216180089" X-IronPort-AV: E=Sophos;i="5.84,333,1620716400"; d="scan'208";a="216180089" Received: from fmsmga002.fm.intel.com ([10.253.24.26]) by fmsmga103.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 18 Aug 2021 16:45:21 -0700 X-IronPort-AV: E=Sophos;i="5.84,333,1620716400"; d="scan'208";a="531894410" Received: from mdkinney-mobl2.amr.corp.intel.com ([10.212.191.175]) by fmsmga002-auth.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 18 Aug 2021 16:45:21 -0700 From: "Michael D Kinney" To: devel@edk2.groups.io Cc: Rebecca Cran Subject: [edk2-libc Patch] StdLib/LibC/Uefi/Devices/Utility: Fix use after free Date: Wed, 18 Aug 2021 16:45:13 -0700 Message-Id: <20210818234513.571-1-michael.d.kinney@intel.com> X-Mailer: git-send-email 2.32.0.windows.1 MIME-Version: 1.0 Content-Transfer-Encoding: 8bit REF: https://bugzilla.tianocore.org/show_bug.cgi?id=38 Set MPath to NULL after free(MPath) to guarantee that MPath is not used after the free() call. Cc: Rebecca Cran Signed-off-by: Michael D Kinney --- StdLib/LibC/Uefi/Devices/Utility/Path.c | 1 + 1 file changed, 1 insertion(+) diff --git a/StdLib/LibC/Uefi/Devices/Utility/Path.c b/StdLib/LibC/Uefi/Devices/Utility/Path.c index d6728d3..fe19196 100644 --- a/StdLib/LibC/Uefi/Devices/Utility/Path.c +++ b/StdLib/LibC/Uefi/Devices/Utility/Path.c @@ -359,6 +359,7 @@ reclassify: } else if(MPath != NULL) { free(MPath); /* Caller doesn't want it so let MPath go free */ + MPath = NULL; } /* At this point, WPath is an absolute path, -- 2.32.0.windows.1