public inbox for devel@edk2.groups.io
* [edk2-devel] [PATCH] CryptoPkg: Check ASN1_get_object() return value
@ 2024-05-17 10:37 Sountharya N via groups.io
From: Sountharya N via groups.io @ 2024-05-17 10:37 UTC (permalink / raw)
  To: devel@edk2.groups.io, Sountharya N
  Cc: Prarthana Sagar V, Gayathri Thunuguntla, Srinivasan Mani,
	yi1.li@intel.com

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4509

ASN1_get_object() returns (0x80) in the error case, and it is compared with (0x00). If ASN1_get_object() returns 0x80, it should return FALSE, but here it is compared with (0x00), and if it returns 0x80 it comes out of the condition and makes the function TRUE.

Cc: Sountharya N <sountharyan@ami.com>

Cc: Prarthana Sagar V <prarthanasv@ami.com>

Cc: Gayathri Thunuguntla <gayathrit@ami.com>

Cc: Srinivasan Mani <srinivasanm@ami.com>

Cc: Yi Li <yi1.li@intel.com>

Signed-off-by: Sountharya N <sountharyan@ami.com>
---
 ...e-check-ASN1_get_object-return-value.patch | 47 +++++++++++++++++++
 1 file changed, 47 insertions(+)
 create mode 100644 0001-Add-variable-check-ASN1_get_object-return-value.patch

diff --git a/0001-Add-variable-check-ASN1_get_object-return-value.patch b/0001-Add-variable-check-ASN1_get_object-return-value.patch
new file mode 100644
index 0000000000..3bd7f69ab2
--- /dev/null
+++ b/0001-Add-variable-check-ASN1_get_object-return-value.patch
@@ -0,0 +1,47 @@
+grom 4bffb95cc9f16f1ee25155b0dde9e7dc7288134a Mon Sep 17 00:00:00 2001
+From: Sountharya N <sountharyan@ami.com>
+Date: Fri, 17 May 2024 15:30:51 +0530
+Subject: [PATCH] Add variable&check ASN1_get_object() return value
+To: sountharyan@ami.com
+
+REF: "https://bugzilla.tianocore.org/show_bug.cgi?id=4509"
+
+ASN1_get_object() returns (0x80) in error case and it is compared with (0x00). If ASN1_get_object() returns 0x80 it should returns FALSE, but here it is compared with (0x00) and if it returns 0x80 it is coming out of the condition and makes the function TRUE.
+
+Cc: Sountharya N <sountharyan@ami.com>
+
+Cc: Shenba <shenbagadevir@ami.com>
+
+Signed-off-by: Sountharya N <sountharyan@ami.com>
+---
+ CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c b/CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c
+index 1182323b63..021cc328f8 100644
+--- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c
++++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c
+@@ -839,17 +839,17 @@ X509GetTBSCert (
+   Length = 0;

+   Inf    = ASN1_get_object (&Temp, (long *)&Length, (int *)&Asn1Tag, (int *)&ObjClass, (long)CertSize);

+

+-  if (((Inf & 0x80) == 0x00) && (Asn1Tag != V_ASN1_SEQUENCE)) {

++  if (((Inf & 0x80) == 0x80) || (Asn1Tag != V_ASN1_SEQUENCE)) {

+     return FALSE;

+   }

+

+   *TBSCert = (UINT8 *)Temp;

+

+-  ASN1_get_object (&Temp, (long *)&Length, (int *)&Asn1Tag, (int *)&ObjClass, (long)Length);

++  Inf = ASN1_get_object (&Temp, (long *)&Length, (int *)&Asn1Tag, (int *)&ObjClass, (long)Length);

+   //

+   // Verify the parsed TBSCertificate is one correct SEQUENCE data.

+   //

+-  if (((Inf & 0x80) == 0x00) && (Asn1Tag != V_ASN1_SEQUENCE)) {

++  if (((Inf & 0x80) == 0x80) || (Asn1Tag != V_ASN1_SEQUENCE)) {

+     return FALSE;

+   }

+

+--
+2.35.1.windows.2
+
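Review bot: the CryptX509.c fix never reaches the tree with this diff, because the only file it touches is a new 0001-Add-variable-check-ASN1_get_object-return-value.patch at the repository root and the X509GetTBSCert change appears solely as `+` lines inside that file. Commit the change to CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c directly and drop the .patch file. The embedded header also begins with "grom" rather than "From", and its Cc list differs from the one in the outer message.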
--
2.35.1.windows.2

* [edk2-devel] [PATCH] CryptoPkg: Check ASN1_get_object() return value
@ 2024-05-17 11:47 Sountharya N via groups.io
From: Sountharya N via groups.io @ 2024-05-17 11:47 UTC (permalink / raw)
  To: devel@edk2.groups.io, Sountharya N
  Cc: Prarthana Sagar V, Gayathri Thunuguntla, Srinivasan Mani,
	yi1.li@intel.com

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4509

In ASN1_get_object(), Inf should compare with 0x80 instead of 0x00.

Cc: Sountharya N <sountharyan@ami.com>

Signed-off-by: Sountharya N <sountharyan@ami.com>
---
 CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c b/CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c
index 1182323b63..021cc328f8 100644
--- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c
+++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c
@@ -839,17 +839,17 @@ X509GetTBSCert (
   Length = 0;

   Inf    = ASN1_get_object (&Temp, (long *)&Length, (int *)&Asn1Tag, (int *)&ObjClass, (long)CertSize);



-  if (((Inf & 0x80) == 0x00) && (Asn1Tag != V_ASN1_SEQUENCE)) {

+  if (((Inf & 0x80) == 0x80) || (Asn1Tag != V_ASN1_SEQUENCE)) {

     return FALSE;

   }



   *TBSCert = (UINT8 *)Temp;



-  ASN1_get_object (&Temp, (long *)&Length, (int *)&Asn1Tag, (int *)&ObjClass, (long)Length);

+  Inf = ASN1_get_object (&Temp, (long *)&Length, (int *)&Asn1Tag, (int *)&ObjClass, (long)Length);

   //

   // Verify the parsed TBSCertificate is one correct SEQUENCE data.

   //

-  if (((Inf & 0x80) == 0x00) && (Asn1Tag != V_ASN1_SEQUENCE)) {

+  if (((Inf & 0x80) == 0x80) || (Asn1Tag != V_ASN1_SEQUENCE)) {

     return FALSE;

   }



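Review bot: `*TBSCert = (UINT8 *)Temp;` still runs before the second ASN1_get_object() result is checked, so when the inner check returns FALSE the caller's output pointer has already been overwritten. Consider keeping the pointer in a local and storing it to *TBSCert only after both checks pass. Neither condition looks at ObjClass, so these lines do not reject a non-universal object whose tag number equals V_ASN1_SEQUENCE. The commit message mentions only the 0x80 comparison; it should also state the `&&` to `||` change and the new `Inf =` assignment on the second call, since without that assignment the second check tests the first call's result.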
--
2.35.1.windows.2
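
The condition described in the commit messages above, before and after the patch, run over three small inputs. This is an added example, not code from the patch or from EDK II: `get_object()` is a hypothetical stand-in for ASN1_get_object() that follows only the return convention the thread relies on (bit 0x80 set on error), and the byte strings are constructed samples.

```c
#include <stdio.h>
#define TAG_SEQUENCE 0x10 /* numeric value of OpenSSL's V_ASN1_SEQUENCE */

/* Constructed sample inputs (not real certificates). */
static const unsigned char GOOD[]      = { 0x30, 0x03, 0x02, 0x01, 0x05 };
static const unsigned char TRUNCATED[] = { 0x30, 0x82, 0x01, 0x00, 0x02, 0x01, 0x05 };
static const unsigned char WRONG_TAG[] = { 0x04, 0x01, 0x00 };

/* Hypothetical stand-in for ASN1_get_object(): definite lengths with at most
 * two length octets. Bit 0x80 of the result means "error". */
static int get_object(const unsigned char **pp, long *len, int *tag, long max)
{
    const unsigned char *p = *pp;
    int ret, n;

    if (max < 2) return 0x80;          /* no room for tag + length */
    ret  = p[0] & 0x20;                /* constructed bit */
    *tag = p[0] & 0x1f;
    p++;
    if (*p < 0x80) {
        *len = *p++;                   /* short-form length */
    } else {
        n = *p++ & 0x7f;               /* long form: n length octets follow */
        if (n == 0 || n > 2 || max < 2 + n) return 0x80;
        for (*len = 0; n > 0; n--) *len = (*len << 8) | *p++;
    }
    if (*len > max - (p - *pp)) ret |= 0x80; /* declared body exceeds buffer */
    *pp = p;
    return ret;
}

/* Returns 1 if the outer-object check lets the buffer through. */
static int outer_accepted(const unsigned char *buf, long size, int fixed)
{
    const unsigned char *p = buf;
    long len = 0;
    int  tag = 0;
    int  inf = get_object(&p, &len, &tag, size);

    if (fixed) /* condition after the patch: reject on error OR wrong tag */
        return !(((inf & 0x80) == 0x80) || (tag != TAG_SEQUENCE));
    /* condition before the patch: rejects only a clean parse with a wrong tag */
    return !(((inf & 0x80) == 0x00) && (tag != TAG_SEQUENCE));
}

int main(void)
{
    printf("good:      old=%d new=%d\n", outer_accepted(GOOD, sizeof GOOD, 0), outer_accepted(GOOD, sizeof GOOD, 1));
    printf("truncated: old=%d new=%d\n", outer_accepted(TRUNCATED, sizeof TRUNCATED, 0), outer_accepted(TRUNCATED, sizeof TRUNCATED, 1));
    printf("wrong tag: old=%d new=%d\n", outer_accepted(WRONG_TAG, sizeof WRONG_TAG, 0), outer_accepted(WRONG_TAG, sizeof WRONG_TAG, 1));
    return 0;
}
```

The truncated SEQUENCE, whose declared length runs past the buffer, is the case the old condition let through and the new one rejects.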
