* [PATCH v1 1/1] CryptoPkg: BaseCryptLib: Fix buffer double free in CryptPkcs7VerifyEku [not found] <20201021023228.1884-1-kun.q@outlook.com> @ 2020-10-21 2:32 ` Kun Qin 2020-10-21 13:31 ` [edk2-devel] " Laszlo Ersek 2020-11-14 0:31 ` Yao, Jiewen 0 siblings, 2 replies; 13+ messages in thread From: Kun Qin @ 2020-10-21 2:32 UTC (permalink / raw) To: devel; +Cc: Jian J Wang, Xiaoyu Lu, Jiewen Yao, Guomin Jiang REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2459 SignerCert is part of Pkcs7 instance when both have valid content. OpenSLL PKCS7_free function will release the memory of SignerCert when applicable. Freeing SignerCert with X509_free again might cause page fault if use- after-free guard is enabled. Cc: Jian J Wang <jian.j.wang@intel.com> Cc: Xiaoyu Lu <xiaoyux.lu@intel.com> Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Guomin Jiang <guomin.jiang@intel.com> Signed-off-by: Kun Qin <kun.q@outlook.com> --- CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyEku.c | 4 ---- 1 file changed, 4 deletions(-) diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyEku.c b/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyEku.c index c9fdb65b99d1..40cc39afe7dd 100644 --- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyEku.c +++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyEku.c @@ -508,10 +508,6 @@ Exit: free (SignedData); } - if (SignerCert != NULL) { - X509_free (SignerCert); - } - if (Pkcs7 != NULL) { PKCS7_free (Pkcs7); } -- 2.28.0.windows.1 ^ permalink raw reply related [flat|nested] 13+ messages in thread
* Re: [edk2-devel] [PATCH v1 1/1] CryptoPkg: BaseCryptLib: Fix buffer double free in CryptPkcs7VerifyEku 2020-10-21 2:32 ` [PATCH v1 1/1] CryptoPkg: BaseCryptLib: Fix buffer double free in CryptPkcs7VerifyEku Kun Qin @ 2020-10-21 13:31 ` Laszlo Ersek 2020-11-14 0:31 ` Yao, Jiewen 1 sibling, 0 replies; 13+ messages in thread From: Laszlo Ersek @ 2020-10-21 13:31 UTC (permalink / raw) To: devel, kun.q; +Cc: Jian J Wang, Xiaoyu Lu, Jiewen Yao, Guomin Jiang On 10/21/20 04:32, Kun Qin wrote: > REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2459 > > SignerCert is part of Pkcs7 instance when both have valid content. OpenSLL > PKCS7_free function will release the memory of SignerCert when applicable. Is this a security issue? Thanks Laszlo > Freeing SignerCert with X509_free again might cause page fault if use- > after-free guard is enabled. > > Cc: Jian J Wang <jian.j.wang@intel.com> > Cc: Xiaoyu Lu <xiaoyux.lu@intel.com> > Cc: Jiewen Yao <jiewen.yao@intel.com> > Cc: Guomin Jiang <guomin.jiang@intel.com> > > Signed-off-by: Kun Qin <kun.q@outlook.com> > --- > CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyEku.c | 4 ---- > 1 file changed, 4 deletions(-) > > diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyEku.c b/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyEku.c > index c9fdb65b99d1..40cc39afe7dd 100644 > --- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyEku.c > +++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyEku.c > @@ -508,10 +508,6 @@ Exit: > free (SignedData); > > } > > > > - if (SignerCert != NULL) { > > - X509_free (SignerCert); > > - } > > - > > if (Pkcs7 != NULL) { > > PKCS7_free (Pkcs7); > > } > ^ permalink raw reply [flat|nested] 13+ messages in thread
* Re: [PATCH v1 1/1] CryptoPkg: BaseCryptLib: Fix buffer double free in CryptPkcs7VerifyEku 2020-10-21 2:32 ` [PATCH v1 1/1] CryptoPkg: BaseCryptLib: Fix buffer double free in CryptPkcs7VerifyEku Kun Qin 2020-10-21 13:31 ` [edk2-devel] " Laszlo Ersek @ 2020-11-14 0:31 ` Yao, Jiewen 2020-11-20 5:39 ` 回复: [edk2-devel] " gaoliming 1 sibling, 1 reply; 13+ messages in thread From: Yao, Jiewen @ 2020-11-14 0:31 UTC (permalink / raw) To: Kun Qin, devel@edk2.groups.io Cc: Wang, Jian J, Lu, XiaoyuX, Jiang, Guomin, Yao, Jiewen Sorry, I missed this email. Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com> > -----Original Message----- > From: Kun Qin <kun.q@outlook.com> > Sent: Wednesday, October 21, 2020 10:32 AM > To: devel@edk2.groups.io > Cc: Wang, Jian J <jian.j.wang@intel.com>; Lu, XiaoyuX > <xiaoyux.lu@intel.com>; Yao, Jiewen <jiewen.yao@intel.com>; Jiang, > Guomin <guomin.jiang@intel.com> > Subject: [PATCH v1 1/1] CryptoPkg: BaseCryptLib: Fix buffer double free in > CryptPkcs7VerifyEku > > REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2459 > > SignerCert is part of Pkcs7 instance when both have valid content. OpenSLL > PKCS7_free function will release the memory of SignerCert when applicable. > Freeing SignerCert with X509_free again might cause page fault if use- > after-free guard is enabled. > > Cc: Jian J Wang <jian.j.wang@intel.com> > Cc: Xiaoyu Lu <xiaoyux.lu@intel.com> > Cc: Jiewen Yao <jiewen.yao@intel.com> > Cc: Guomin Jiang <guomin.jiang@intel.com> > > Signed-off-by: Kun Qin <kun.q@outlook.com> > --- > CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyEku.c | 4 ---- > 1 file changed, 4 deletions(-) > > diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyEku.c > b/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyEku.c > index c9fdb65b99d1..40cc39afe7dd 100644 > --- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyEku.c > +++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyEku.c > @@ -508,10 +508,6 @@ Exit: > free (SignedData); > > } > > > > - if (SignerCert != NULL) { > > - X509_free (SignerCert); > > - } > > - > > if (Pkcs7 != NULL) { > > PKCS7_free (Pkcs7); > > } > > -- > 2.28.0.windows.1 ^ permalink raw reply [flat|nested] 13+ messages in thread
* 回复: [edk2-devel] [PATCH v1 1/1] CryptoPkg: BaseCryptLib: Fix buffer double free in CryptPkcs7VerifyEku 2020-11-14 0:31 ` Yao, Jiewen @ 2020-11-20 5:39 ` gaoliming 2020-11-22 7:09 ` Kun Qin 0 siblings, 1 reply; 13+ messages in thread From: gaoliming @ 2020-11-20 5:39 UTC (permalink / raw) To: devel, jiewen.yao, 'Kun Qin' Cc: 'Wang, Jian J', 'Lu, XiaoyuX', 'Jiang, Guomin' Kun: This is a bug fix. It passed code review. Do you request to merge it for this stable tag 202011? Thanks Liming > -----邮件原件----- > 发件人: bounce+27952+67567+4905953+8761045@groups.io > <bounce+27952+67567+4905953+8761045@groups.io> 代表 Yao, Jiewen > 发送时间: 2020年11月14日 8:32 > 收件人: Kun Qin <kun.q@outlook.com>; devel@edk2.groups.io > 抄送: Wang, Jian J <jian.j.wang@intel.com>; Lu, XiaoyuX > <xiaoyux.lu@intel.com>; Jiang, Guomin <guomin.jiang@intel.com>; Yao, > Jiewen <jiewen.yao@intel.com> > 主题: Re: [edk2-devel] [PATCH v1 1/1] CryptoPkg: BaseCryptLib: Fix buffer > double free in CryptPkcs7VerifyEku > > Sorry, I missed this email. > > Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com> > > > > -----Original Message----- > > From: Kun Qin <kun.q@outlook.com> > > Sent: Wednesday, October 21, 2020 10:32 AM > > To: devel@edk2.groups.io > > Cc: Wang, Jian J <jian.j.wang@intel.com>; Lu, XiaoyuX > > <xiaoyux.lu@intel.com>; Yao, Jiewen <jiewen.yao@intel.com>; Jiang, > > Guomin <guomin.jiang@intel.com> > > Subject: [PATCH v1 1/1] CryptoPkg: BaseCryptLib: Fix buffer double free in > > CryptPkcs7VerifyEku > > > > REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2459 > > > > SignerCert is part of Pkcs7 instance when both have valid content. OpenSLL > > PKCS7_free function will release the memory of SignerCert when applicable. > > Freeing SignerCert with X509_free again might cause page fault if use- > > after-free guard is enabled. > > > > Cc: Jian J Wang <jian.j.wang@intel.com> > > Cc: Xiaoyu Lu <xiaoyux.lu@intel.com> > > Cc: Jiewen Yao <jiewen.yao@intel.com> > > Cc: Guomin Jiang <guomin.jiang@intel.com> > > > > Signed-off-by: Kun Qin <kun.q@outlook.com> > > --- > > CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyEku.c | 4 ---- > > 1 file changed, 4 deletions(-) > > > > diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyEku.c > > b/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyEku.c > > index c9fdb65b99d1..40cc39afe7dd 100644 > > --- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyEku.c > > +++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyEku.c > > @@ -508,10 +508,6 @@ Exit: > > free (SignedData); > > > > } > > > > > > > > - if (SignerCert != NULL) { > > > > - X509_free (SignerCert); > > > > - } > > > > - > > > > if (Pkcs7 != NULL) { > > > > PKCS7_free (Pkcs7); > > > > } > > > > -- > > 2.28.0.windows.1 > > > > > ^ permalink raw reply [flat|nested] 13+ messages in thread
* Re: [edk2-devel] [PATCH v1 1/1] CryptoPkg: BaseCryptLib: Fix buffer double free in CryptPkcs7VerifyEku 2020-11-20 5:39 ` 回复: [edk2-devel] " gaoliming @ 2020-11-22 7:09 ` Kun Qin 2020-11-22 12:25 ` Yao, Jiewen 0 siblings, 1 reply; 13+ messages in thread From: Kun Qin @ 2020-11-22 7:09 UTC (permalink / raw) To: gaoliming, devel@edk2.groups.io, jiewen.yao@intel.com Cc: 'Wang, Jian J', 'Lu, XiaoyuX', 'Jiang, Guomin' [-- Attachment #1: Type: text/plain, Size: 3370 bytes --] Hi Liming, It will be great if we can get this in. But I have been having trouble sending a v2 patch that incorporates Jiewen’s “Reviewed-by” tag through git command line for the past week (no other changes). It kept giving me an error of "No host provider available to service this request". Please let me know if you have any suggestions. Thanks, Kun From: gaoliming<mailto:gaoliming@byosoft.com.cn> Sent: Thursday, November 19, 2020 9:39 PM To: devel@edk2.groups.io<mailto:devel@edk2.groups.io>; jiewen.yao@intel.com<mailto:jiewen.yao@intel.com>; 'Kun Qin'<mailto:kun.q@outlook.com> Cc: 'Wang, Jian J'<mailto:jian.j.wang@intel.com>; 'Lu, XiaoyuX'<mailto:xiaoyux.lu@intel.com>; 'Jiang, Guomin'<mailto:guomin.jiang@intel.com> Subject: 回复: [edk2-devel] [PATCH v1 1/1] CryptoPkg: BaseCryptLib: Fix buffer double free in CryptPkcs7VerifyEku Kun: This is a bug fix. It passed code review. Do you request to merge it for this stable tag 202011? Thanks Liming > -----邮件原件----- > 发件人: bounce+27952+67567+4905953+8761045@groups.io > <bounce+27952+67567+4905953+8761045@groups.io> 代表 Yao, Jiewen > 发送时间: 2020年11月14日 8:32 > 收件人: Kun Qin <kun.q@outlook.com>; devel@edk2.groups.io > 抄送: Wang, Jian J <jian.j.wang@intel.com>; Lu, XiaoyuX > <xiaoyux.lu@intel.com>; Jiang, Guomin <guomin.jiang@intel.com>; Yao, > Jiewen <jiewen.yao@intel.com> > 主题: Re: [edk2-devel] [PATCH v1 1/1] CryptoPkg: BaseCryptLib: Fix buffer > double free in CryptPkcs7VerifyEku > > Sorry, I missed this email. > > Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com> > > > > -----Original Message----- > > From: Kun Qin <kun.q@outlook.com> > > Sent: Wednesday, October 21, 2020 10:32 AM > > To: devel@edk2.groups.io > > Cc: Wang, Jian J <jian.j.wang@intel.com>; Lu, XiaoyuX > > <xiaoyux.lu@intel.com>; Yao, Jiewen <jiewen.yao@intel.com>; Jiang, > > Guomin <guomin.jiang@intel.com> > > Subject: [PATCH v1 1/1] CryptoPkg: BaseCryptLib: Fix buffer double free in > > CryptPkcs7VerifyEku > > > > REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2459 > > > > SignerCert is part of Pkcs7 instance when both have valid content. OpenSLL > > PKCS7_free function will release the memory of SignerCert when applicable. > > Freeing SignerCert with X509_free again might cause page fault if use- > > after-free guard is enabled. > > > > Cc: Jian J Wang <jian.j.wang@intel.com> > > Cc: Xiaoyu Lu <xiaoyux.lu@intel.com> > > Cc: Jiewen Yao <jiewen.yao@intel.com> > > Cc: Guomin Jiang <guomin.jiang@intel.com> > > > > Signed-off-by: Kun Qin <kun.q@outlook.com> > > --- > > CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyEku.c | 4 ---- > > 1 file changed, 4 deletions(-) > > > > diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyEku.c > > b/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyEku.c > > index c9fdb65b99d1..40cc39afe7dd 100644 > > --- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyEku.c > > +++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyEku.c > > @@ -508,10 +508,6 @@ Exit: > > free (SignedData); > > > > } > > > > > > > > - if (SignerCert != NULL) { > > > > - X509_free (SignerCert); > > > > - } > > > > - > > > > if (Pkcs7 != NULL) { > > > > PKCS7_free (Pkcs7); > > > > } > > > > -- > > 2.28.0.windows.1 > > > > > [-- Attachment #2: Type: text/html, Size: 7451 bytes --] ^ permalink raw reply [flat|nested] 13+ messages in thread
* Re: [edk2-devel] [PATCH v1 1/1] CryptoPkg: BaseCryptLib: Fix buffer double free in CryptPkcs7VerifyEku 2020-11-22 7:09 ` Kun Qin @ 2020-11-22 12:25 ` Yao, Jiewen 2020-11-23 0:49 ` 回复: " gaoliming 2020-11-23 1:16 ` Kun Qin 0 siblings, 2 replies; 13+ messages in thread From: Yao, Jiewen @ 2020-11-22 12:25 UTC (permalink / raw) To: Kun Qin, gaoliming, devel@edk2.groups.io Cc: Wang, Jian J, Lu, XiaoyuX, Jiang, Guomin [-- Attachment #1: Type: text/plain, Size: 4547 bytes --] I can help to merge if it is approved. I will add reviewed-by tag when I merge it. Thank you Yao Jiewen From: Kun Qin <kun.q@outlook.com> Sent: Sunday, November 22, 2020 3:10 PM To: gaoliming <gaoliming@byosoft.com.cn>; devel@edk2.groups.io; Yao, Jiewen <jiewen.yao@intel.com> Cc: Wang, Jian J <jian.j.wang@intel.com>; Lu, XiaoyuX <xiaoyux.lu@intel.com>; Jiang, Guomin <guomin.jiang@intel.com> Subject: RE: [edk2-devel] [PATCH v1 1/1] CryptoPkg: BaseCryptLib: Fix buffer double free in CryptPkcs7VerifyEku Hi Liming, It will be great if we can get this in. But I have been having trouble sending a v2 patch that incorporates Jiewen’s “Reviewed-by” tag through git command line for the past week (no other changes). It kept giving me an error of "No host provider available to service this request". Please let me know if you have any suggestions. Thanks, Kun From: gaoliming<mailto:gaoliming@byosoft.com.cn> Sent: Thursday, November 19, 2020 9:39 PM To: devel@edk2.groups.io<mailto:devel@edk2.groups.io>; jiewen.yao@intel.com<mailto:jiewen.yao@intel.com>; 'Kun Qin'<mailto:kun.q@outlook.com> Cc: 'Wang, Jian J'<mailto:jian.j.wang@intel.com>; 'Lu, XiaoyuX'<mailto:xiaoyux.lu@intel.com>; 'Jiang, Guomin'<mailto:guomin.jiang@intel.com> Subject: 回复: [edk2-devel] [PATCH v1 1/1] CryptoPkg: BaseCryptLib: Fix buffer double free in CryptPkcs7VerifyEku Kun: This is a bug fix. It passed code review. Do you request to merge it for this stable tag 202011? Thanks Liming > -----邮件原件----- > 发件人: bounce+27952+67567+4905953+8761045@groups.io<mailto:bounce+27952+67567+4905953+8761045@groups.io> > <bounce+27952+67567+4905953+8761045@groups.io<mailto:bounce+27952+67567+4905953+8761045@groups.io>> 代表 Yao, Jiewen > 发送时间: 2020年11月14日 8:32 > 收件人: Kun Qin <kun.q@outlook.com<mailto:kun.q@outlook.com>>; devel@edk2.groups.io<mailto:devel@edk2.groups.io> > 抄送: Wang, Jian J <jian.j.wang@intel.com<mailto:jian.j.wang@intel.com>>; Lu, XiaoyuX > <xiaoyux.lu@intel.com<mailto:xiaoyux.lu@intel.com>>; Jiang, Guomin <guomin.jiang@intel.com<mailto:guomin.jiang@intel.com>>; Yao, > Jiewen <jiewen.yao@intel.com<mailto:jiewen.yao@intel.com>> > 主题: Re: [edk2-devel] [PATCH v1 1/1] CryptoPkg: BaseCryptLib: Fix buffer > double free in CryptPkcs7VerifyEku > > Sorry, I missed this email. > > Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com<mailto:Jiewen.yao@intel.com>> > > > > -----Original Message----- > > From: Kun Qin <kun.q@outlook.com<mailto:kun.q@outlook.com>> > > Sent: Wednesday, October 21, 2020 10:32 AM > > To: devel@edk2.groups.io<mailto:devel@edk2.groups.io> > > Cc: Wang, Jian J <jian.j.wang@intel.com<mailto:jian.j.wang@intel.com>>; Lu, XiaoyuX > > <xiaoyux.lu@intel.com<mailto:xiaoyux.lu@intel.com>>; Yao, Jiewen <jiewen.yao@intel.com<mailto:jiewen.yao@intel.com>>; Jiang, > > Guomin <guomin.jiang@intel.com<mailto:guomin.jiang@intel.com>> > > Subject: [PATCH v1 1/1] CryptoPkg: BaseCryptLib: Fix buffer double free in > > CryptPkcs7VerifyEku > > > > REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2459 > > > > SignerCert is part of Pkcs7 instance when both have valid content. OpenSLL > > PKCS7_free function will release the memory of SignerCert when applicable. > > Freeing SignerCert with X509_free again might cause page fault if use- > > after-free guard is enabled. > > > > Cc: Jian J Wang <jian.j.wang@intel.com<mailto:jian.j.wang@intel.com>> > > Cc: Xiaoyu Lu <xiaoyux.lu@intel.com<mailto:xiaoyux.lu@intel.com>> > > Cc: Jiewen Yao <jiewen.yao@intel.com<mailto:jiewen.yao@intel.com>> > > Cc: Guomin Jiang <guomin.jiang@intel.com<mailto:guomin.jiang@intel.com>> > > > > Signed-off-by: Kun Qin <kun.q@outlook.com<mailto:kun.q@outlook.com>> > > --- > > CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyEku.c | 4 ---- > > 1 file changed, 4 deletions(-) > > > > diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyEku.c > > b/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyEku.c > > index c9fdb65b99d1..40cc39afe7dd 100644 > > --- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyEku.c > > +++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyEku.c > > @@ -508,10 +508,6 @@ Exit: > > free (SignedData); > > > > } > > > > > > > > - if (SignerCert != NULL) { > > > > - X509_free (SignerCert); > > > > - } > > > > - > > > > if (Pkcs7 != NULL) { > > > > PKCS7_free (Pkcs7); > > > > } > > > > -- > > 2.28.0.windows.1 > > > > > [-- Attachment #2: Type: text/html, Size: 10036 bytes --] ^ permalink raw reply [flat|nested] 13+ messages in thread
* 回复: [edk2-devel] [PATCH v1 1/1] CryptoPkg: BaseCryptLib: Fix buffer double free in CryptPkcs7VerifyEku 2020-11-22 12:25 ` Yao, Jiewen @ 2020-11-23 0:49 ` gaoliming 2020-11-23 1:16 ` Kun Qin 1 sibling, 0 replies; 13+ messages in thread From: gaoliming @ 2020-11-23 0:49 UTC (permalink / raw) To: devel, jiewen.yao, 'Kun Qin' Cc: 'Wang, Jian J', 'Lu, XiaoyuX', 'Jiang, Guomin', lersek, 'Leif Lindholm', michael.d.kinney, afish [-- Attachment #1: Type: text/plain, Size: 5525 bytes --] Jiewen: I am OK to merge this bug fix into this stable tag. If no objection, you can merge it tomorrow. Thanks Liming 发件人: bounce+27952+67779+4905953+8761045@groups.io <bounce+27952+67779+4905953+8761045@groups.io> 代表 Yao, Jiewen 发送时间: 2020年11月22日 20:26 收件人: Kun Qin <kun.q@outlook.com>; gaoliming <gaoliming@byosoft.com.cn>; devel@edk2.groups.io 抄送: Wang, Jian J <jian.j.wang@intel.com>; Lu, XiaoyuX <xiaoyux.lu@intel.com>; Jiang, Guomin <guomin.jiang@intel.com> 主题: Re: [edk2-devel] [PATCH v1 1/1] CryptoPkg: BaseCryptLib: Fix buffer double free in CryptPkcs7VerifyEku I can help to merge if it is approved. I will add reviewed-by tag when I merge it. Thank you Yao Jiewen From: Kun Qin <kun.q@outlook.com <mailto:kun.q@outlook.com> > Sent: Sunday, November 22, 2020 3:10 PM To: gaoliming <gaoliming@byosoft.com.cn <mailto:gaoliming@byosoft.com.cn> >; devel@edk2.groups.io <mailto:devel@edk2.groups.io> ; Yao, Jiewen <jiewen.yao@intel.com <mailto:jiewen.yao@intel.com> > Cc: Wang, Jian J <jian.j.wang@intel.com <mailto:jian.j.wang@intel.com> >; Lu, XiaoyuX <xiaoyux.lu@intel.com <mailto:xiaoyux.lu@intel.com> >; Jiang, Guomin <guomin.jiang@intel.com <mailto:guomin.jiang@intel.com> > Subject: RE: [edk2-devel] [PATCH v1 1/1] CryptoPkg: BaseCryptLib: Fix buffer double free in CryptPkcs7VerifyEku Hi Liming, It will be great if we can get this in. But I have been having trouble sending a v2 patch that incorporates Jiewen’s “Reviewed-by” tag through git command line for the past week (no other changes). It kept giving me an error of "No host provider available to service this request". Please let me know if you have any suggestions. Thanks, Kun From: gaoliming <mailto:gaoliming@byosoft.com.cn> Sent: Thursday, November 19, 2020 9:39 PM To: devel@edk2.groups.io <mailto:devel@edk2.groups.io> ; jiewen.yao@intel.com <mailto:jiewen.yao@intel.com> ; 'Kun Qin' <mailto:kun.q@outlook.com> Cc: 'Wang, Jian J' <mailto:jian.j.wang@intel.com> ; 'Lu, XiaoyuX' <mailto:xiaoyux.lu@intel.com> ; 'Jiang, Guomin' <mailto:guomin.jiang@intel.com> Subject: 回复: [edk2-devel] [PATCH v1 1/1] CryptoPkg: BaseCryptLib: Fix buffer double free in CryptPkcs7VerifyEku Kun: This is a bug fix. It passed code review. Do you request to merge it for this stable tag 202011? Thanks Liming > -----邮件原件----- > 发件人: bounce+27952+67567+4905953+8761045@groups.io <mailto:bounce+27952+67567+4905953+8761045@groups.io> > <bounce+27952+67567+4905953+8761045@groups.io <mailto:bounce+27952+67567+4905953+8761045@groups.io> > 代表 Yao, Jiewen > 发送时间: 2020年11月14日 8:32 > 收件人: Kun Qin <kun.q@outlook.com <mailto:kun.q@outlook.com> >; devel@edk2.groups.io <mailto:devel@edk2.groups.io> > 抄送: Wang, Jian J <jian.j.wang@intel.com <mailto:jian.j.wang@intel.com> >; Lu, XiaoyuX > <xiaoyux.lu@intel.com <mailto:xiaoyux.lu@intel.com> >; Jiang, Guomin <guomin.jiang@intel.com <mailto:guomin.jiang@intel.com> >; Yao, > Jiewen <jiewen.yao@intel.com <mailto:jiewen.yao@intel.com> > > 主题: Re: [edk2-devel] [PATCH v1 1/1] CryptoPkg: BaseCryptLib: Fix buffer > double free in CryptPkcs7VerifyEku > > Sorry, I missed this email. > > Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com <mailto:Jiewen.yao@intel.com> > > > > > -----Original Message----- > > From: Kun Qin <kun.q@outlook.com <mailto:kun.q@outlook.com> > > > Sent: Wednesday, October 21, 2020 10:32 AM > > To: devel@edk2.groups.io <mailto:devel@edk2.groups.io> > > Cc: Wang, Jian J <jian.j.wang@intel.com <mailto:jian.j.wang@intel.com> >; Lu, XiaoyuX > > <xiaoyux.lu@intel.com <mailto:xiaoyux.lu@intel.com> >; Yao, Jiewen <jiewen.yao@intel.com <mailto:jiewen.yao@intel.com> >; Jiang, > > Guomin <guomin.jiang@intel.com <mailto:guomin.jiang@intel.com> > > > Subject: [PATCH v1 1/1] CryptoPkg: BaseCryptLib: Fix buffer double free in > > CryptPkcs7VerifyEku > > > > REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2459 > > > > SignerCert is part of Pkcs7 instance when both have valid content. OpenSLL > > PKCS7_free function will release the memory of SignerCert when applicable. > > Freeing SignerCert with X509_free again might cause page fault if use- > > after-free guard is enabled. > > > > Cc: Jian J Wang <jian.j.wang@intel.com <mailto:jian.j.wang@intel.com> > > > Cc: Xiaoyu Lu <xiaoyux.lu@intel.com <mailto:xiaoyux.lu@intel.com> > > > Cc: Jiewen Yao <jiewen.yao@intel.com <mailto:jiewen.yao@intel.com> > > > Cc: Guomin Jiang <guomin.jiang@intel.com <mailto:guomin.jiang@intel.com> > > > > > Signed-off-by: Kun Qin <kun.q@outlook.com <mailto:kun.q@outlook.com> > > > --- > > CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyEku.c | 4 ---- > > 1 file changed, 4 deletions(-) > > > > diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyEku.c > > b/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyEku.c > > index c9fdb65b99d1..40cc39afe7dd 100644 > > --- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyEku.c > > +++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyEku.c > > @@ -508,10 +508,6 @@ Exit: > > free (SignedData); > > > > } > > > > > > > > - if (SignerCert != NULL) { > > > > - X509_free (SignerCert); > > > > - } > > > > - > > > > if (Pkcs7 != NULL) { > > > > PKCS7_free (Pkcs7); > > > > } > > > > -- > > 2.28.0.windows.1 > > > > > [-- Attachment #2: Type: text/html, Size: 12745 bytes --] ^ permalink raw reply [flat|nested] 13+ messages in thread
* Re: [edk2-devel] [PATCH v1 1/1] CryptoPkg: BaseCryptLib: Fix buffer double free in CryptPkcs7VerifyEku 2020-11-22 12:25 ` Yao, Jiewen 2020-11-23 0:49 ` 回复: " gaoliming @ 2020-11-23 1:16 ` Kun Qin 2020-11-23 1:24 ` Yao, Jiewen 1 sibling, 1 reply; 13+ messages in thread From: Kun Qin @ 2020-11-23 1:16 UTC (permalink / raw) To: Yao, Jiewen, gaoliming, devel@edk2.groups.io Cc: Wang, Jian J, Lu, XiaoyuX, Jiang, Guomin [-- Attachment #1: Type: text/plain, Size: 5155 bytes --] Hi Jiewen, It will be great if you could help me merging in this fix. Please let me know if you need anything else from me to have it merged. Thanks, Kun From: Yao, Jiewen<mailto:jiewen.yao@intel.com> Sent: Sunday, November 22, 2020 04:25 To: Kun Qin<mailto:kun.q@outlook.com>; gaoliming<mailto:gaoliming@byosoft.com.cn>; devel@edk2.groups.io<mailto:devel@edk2.groups.io> Cc: Wang, Jian J<mailto:jian.j.wang@intel.com>; Lu, XiaoyuX<mailto:xiaoyux.lu@intel.com>; Jiang, Guomin<mailto:guomin.jiang@intel.com> Subject: RE: [edk2-devel] [PATCH v1 1/1] CryptoPkg: BaseCryptLib: Fix buffer double free in CryptPkcs7VerifyEku I can help to merge if it is approved. I will add reviewed-by tag when I merge it. Thank you Yao Jiewen From: Kun Qin <kun.q@outlook.com> Sent: Sunday, November 22, 2020 3:10 PM To: gaoliming <gaoliming@byosoft.com.cn>; devel@edk2.groups.io; Yao, Jiewen <jiewen.yao@intel.com> Cc: Wang, Jian J <jian.j.wang@intel.com>; Lu, XiaoyuX <xiaoyux.lu@intel.com>; Jiang, Guomin <guomin.jiang@intel.com> Subject: RE: [edk2-devel] [PATCH v1 1/1] CryptoPkg: BaseCryptLib: Fix buffer double free in CryptPkcs7VerifyEku Hi Liming, It will be great if we can get this in. But I have been having trouble sending a v2 patch that incorporates Jiewen’s “Reviewed-by” tag through git command line for the past week (no other changes). It kept giving me an error of "No host provider available to service this request". Please let me know if you have any suggestions. Thanks, Kun From: gaoliming<mailto:gaoliming@byosoft.com.cn> Sent: Thursday, November 19, 2020 9:39 PM To: devel@edk2.groups.io<mailto:devel@edk2.groups.io>; jiewen.yao@intel.com<mailto:jiewen.yao@intel.com>; 'Kun Qin'<mailto:kun.q@outlook.com> Cc: 'Wang, Jian J'<mailto:jian.j.wang@intel.com>; 'Lu, XiaoyuX'<mailto:xiaoyux.lu@intel.com>; 'Jiang, Guomin'<mailto:guomin.jiang@intel.com> Subject: 回复: [edk2-devel] [PATCH v1 1/1] CryptoPkg: BaseCryptLib: Fix buffer double free in CryptPkcs7VerifyEku Kun: This is a bug fix. It passed code review. Do you request to merge it for this stable tag 202011? Thanks Liming > -----邮件原件----- > 发件人: bounce+27952+67567+4905953+8761045@groups.io<mailto:bounce+27952+67567+4905953+8761045@groups.io> > <bounce+27952+67567+4905953+8761045@groups.io<mailto:bounce+27952+67567+4905953+8761045@groups.io>> 代表 Yao, Jiewen > 发送时间: 2020年11月14日 8:32 > 收件人: Kun Qin <kun.q@outlook.com<mailto:kun.q@outlook.com>>; devel@edk2.groups.io<mailto:devel@edk2.groups.io> > 抄送: Wang, Jian J <jian.j.wang@intel.com<mailto:jian.j.wang@intel.com>>; Lu, XiaoyuX > <xiaoyux.lu@intel.com<mailto:xiaoyux.lu@intel.com>>; Jiang, Guomin <guomin.jiang@intel.com<mailto:guomin.jiang@intel.com>>; Yao, > Jiewen <jiewen.yao@intel.com<mailto:jiewen.yao@intel.com>> > 主题: Re: [edk2-devel] [PATCH v1 1/1] CryptoPkg: BaseCryptLib: Fix buffer > double free in CryptPkcs7VerifyEku > > Sorry, I missed this email. > > Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com<mailto:Jiewen.yao@intel.com>> > > > > -----Original Message----- > > From: Kun Qin <kun.q@outlook.com<mailto:kun.q@outlook.com>> > > Sent: Wednesday, October 21, 2020 10:32 AM > > To: devel@edk2.groups.io<mailto:devel@edk2.groups.io> > > Cc: Wang, Jian J <jian.j.wang@intel.com<mailto:jian.j.wang@intel.com>>; Lu, XiaoyuX > > <xiaoyux.lu@intel.com<mailto:xiaoyux.lu@intel.com>>; Yao, Jiewen <jiewen.yao@intel.com<mailto:jiewen.yao@intel.com>>; Jiang, > > Guomin <guomin.jiang@intel.com<mailto:guomin.jiang@intel.com>> > > Subject: [PATCH v1 1/1] CryptoPkg: BaseCryptLib: Fix buffer double free in > > CryptPkcs7VerifyEku > > > > REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2459 > > > > SignerCert is part of Pkcs7 instance when both have valid content. OpenSLL > > PKCS7_free function will release the memory of SignerCert when applicable. > > Freeing SignerCert with X509_free again might cause page fault if use- > > after-free guard is enabled. > > > > Cc: Jian J Wang <jian.j.wang@intel.com<mailto:jian.j.wang@intel.com>> > > Cc: Xiaoyu Lu <xiaoyux.lu@intel.com<mailto:xiaoyux.lu@intel.com>> > > Cc: Jiewen Yao <jiewen.yao@intel.com<mailto:jiewen.yao@intel.com>> > > Cc: Guomin Jiang <guomin.jiang@intel.com<mailto:guomin.jiang@intel.com>> > > > > Signed-off-by: Kun Qin <kun.q@outlook.com<mailto:kun.q@outlook.com>> > > --- > > CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyEku.c | 4 ---- > > 1 file changed, 4 deletions(-) > > > > diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyEku.c > > b/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyEku.c > > index c9fdb65b99d1..40cc39afe7dd 100644 > > --- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyEku.c > > +++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyEku.c > > @@ -508,10 +508,6 @@ Exit: > > free (SignedData); > > > > } > > > > > > > > - if (SignerCert != NULL) { > > > > - X509_free (SignerCert); > > > > - } > > > > - > > > > if (Pkcs7 != NULL) { > > > > PKCS7_free (Pkcs7); > > > > } > > > > -- > > 2.28.0.windows.1 > > > > > [-- Attachment #2: Type: text/html, Size: 10744 bytes --] ^ permalink raw reply [flat|nested] 13+ messages in thread
* Re: [edk2-devel] [PATCH v1 1/1] CryptoPkg: BaseCryptLib: Fix buffer double free in CryptPkcs7VerifyEku 2020-11-23 1:16 ` Kun Qin @ 2020-11-23 1:24 ` Yao, Jiewen 2020-11-23 22:49 ` kun.q 0 siblings, 1 reply; 13+ messages in thread From: Yao, Jiewen @ 2020-11-23 1:24 UTC (permalink / raw) To: Kun Qin, gaoliming, devel@edk2.groups.io Cc: Wang, Jian J, Lu, XiaoyuX, Jiang, Guomin [-- Attachment #1: Type: text/plain, Size: 6375 bytes --] Sure. It seems Liming already approves it. I will wait one more day to see if there is any other objection from the people in different time zone. At mean time, I need your help to double confirm that, this patch can be merged without any CI error. So, please try Pull-Request by yourself and make sure it pass all CI checks. I have some bad experience that CI error occurs finally, which prevent me from committing. Then we have to go back ask original submitter to fix and generate patch again. It may cause delay and miss the timeline. Thank you Yao Jiewen From: Kun Qin <kun.q@outlook.com> Sent: Monday, November 23, 2020 9:17 AM To: Yao, Jiewen <jiewen.yao@intel.com>; gaoliming <gaoliming@byosoft.com.cn>; devel@edk2.groups.io Cc: Wang, Jian J <jian.j.wang@intel.com>; Lu, XiaoyuX <xiaoyux.lu@intel.com>; Jiang, Guomin <guomin.jiang@intel.com> Subject: RE: [edk2-devel] [PATCH v1 1/1] CryptoPkg: BaseCryptLib: Fix buffer double free in CryptPkcs7VerifyEku Hi Jiewen, It will be great if you could help me merging in this fix. Please let me know if you need anything else from me to have it merged. Thanks, Kun From: Yao, Jiewen<mailto:jiewen.yao@intel.com> Sent: Sunday, November 22, 2020 04:25 To: Kun Qin<mailto:kun.q@outlook.com>; gaoliming<mailto:gaoliming@byosoft.com.cn>; devel@edk2.groups.io<mailto:devel@edk2.groups.io> Cc: Wang, Jian J<mailto:jian.j.wang@intel.com>; Lu, XiaoyuX<mailto:xiaoyux.lu@intel.com>; Jiang, Guomin<mailto:guomin.jiang@intel.com> Subject: RE: [edk2-devel] [PATCH v1 1/1] CryptoPkg: BaseCryptLib: Fix buffer double free in CryptPkcs7VerifyEku I can help to merge if it is approved. I will add reviewed-by tag when I merge it. Thank you Yao Jiewen From: Kun Qin <kun.q@outlook.com<mailto:kun.q@outlook.com>> Sent: Sunday, November 22, 2020 3:10 PM To: gaoliming <gaoliming@byosoft.com.cn<mailto:gaoliming@byosoft.com.cn>>; devel@edk2.groups.io<mailto:devel@edk2.groups.io>; Yao, Jiewen <jiewen.yao@intel.com<mailto:jiewen.yao@intel.com>> Cc: Wang, Jian J <jian.j.wang@intel.com<mailto:jian.j.wang@intel.com>>; Lu, XiaoyuX <xiaoyux.lu@intel.com<mailto:xiaoyux.lu@intel.com>>; Jiang, Guomin <guomin.jiang@intel.com<mailto:guomin.jiang@intel.com>> Subject: RE: [edk2-devel] [PATCH v1 1/1] CryptoPkg: BaseCryptLib: Fix buffer double free in CryptPkcs7VerifyEku Hi Liming, It will be great if we can get this in. But I have been having trouble sending a v2 patch that incorporates Jiewen’s “Reviewed-by” tag through git command line for the past week (no other changes). It kept giving me an error of "No host provider available to service this request". Please let me know if you have any suggestions. Thanks, Kun From: gaoliming<mailto:gaoliming@byosoft.com.cn> Sent: Thursday, November 19, 2020 9:39 PM To: devel@edk2.groups.io<mailto:devel@edk2.groups.io>; jiewen.yao@intel.com<mailto:jiewen.yao@intel.com>; 'Kun Qin'<mailto:kun.q@outlook.com> Cc: 'Wang, Jian J'<mailto:jian.j.wang@intel.com>; 'Lu, XiaoyuX'<mailto:xiaoyux.lu@intel.com>; 'Jiang, Guomin'<mailto:guomin.jiang@intel.com> Subject: 回复: [edk2-devel] [PATCH v1 1/1] CryptoPkg: BaseCryptLib: Fix buffer double free in CryptPkcs7VerifyEku Kun: This is a bug fix. It passed code review. Do you request to merge it for this stable tag 202011? Thanks Liming > -----邮件原件----- > 发件人: bounce+27952+67567+4905953+8761045@groups.io<mailto:bounce+27952+67567+4905953+8761045@groups.io> > <bounce+27952+67567+4905953+8761045@groups.io<mailto:bounce+27952+67567+4905953+8761045@groups.io>> 代表 Yao, Jiewen > 发送时间: 2020年11月14日 8:32 > 收件人: Kun Qin <kun.q@outlook.com<mailto:kun.q@outlook.com>>; devel@edk2.groups.io<mailto:devel@edk2.groups.io> > 抄送: Wang, Jian J <jian.j.wang@intel.com<mailto:jian.j.wang@intel.com>>; Lu, XiaoyuX > <xiaoyux.lu@intel.com<mailto:xiaoyux.lu@intel.com>>; Jiang, Guomin <guomin.jiang@intel.com<mailto:guomin.jiang@intel.com>>; Yao, > Jiewen <jiewen.yao@intel.com<mailto:jiewen.yao@intel.com>> > 主题: Re: [edk2-devel] [PATCH v1 1/1] CryptoPkg: BaseCryptLib: Fix buffer > double free in CryptPkcs7VerifyEku > > Sorry, I missed this email. > > Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com<mailto:Jiewen.yao@intel.com>> > > > > -----Original Message----- > > From: Kun Qin <kun.q@outlook.com<mailto:kun.q@outlook.com>> > > Sent: Wednesday, October 21, 2020 10:32 AM > > To: devel@edk2.groups.io<mailto:devel@edk2.groups.io> > > Cc: Wang, Jian J <jian.j.wang@intel.com<mailto:jian.j.wang@intel.com>>; Lu, XiaoyuX > > <xiaoyux.lu@intel.com<mailto:xiaoyux.lu@intel.com>>; Yao, Jiewen <jiewen.yao@intel.com<mailto:jiewen.yao@intel.com>>; Jiang, > > Guomin <guomin.jiang@intel.com<mailto:guomin.jiang@intel.com>> > > Subject: [PATCH v1 1/1] CryptoPkg: BaseCryptLib: Fix buffer double free in > > CryptPkcs7VerifyEku > > > > REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2459 > > > > SignerCert is part of Pkcs7 instance when both have valid content. OpenSLL > > PKCS7_free function will release the memory of SignerCert when applicable. > > Freeing SignerCert with X509_free again might cause page fault if use- > > after-free guard is enabled. > > > > Cc: Jian J Wang <jian.j.wang@intel.com<mailto:jian.j.wang@intel.com>> > > Cc: Xiaoyu Lu <xiaoyux.lu@intel.com<mailto:xiaoyux.lu@intel.com>> > > Cc: Jiewen Yao <jiewen.yao@intel.com<mailto:jiewen.yao@intel.com>> > > Cc: Guomin Jiang <guomin.jiang@intel.com<mailto:guomin.jiang@intel.com>> > > > > Signed-off-by: Kun Qin <kun.q@outlook.com<mailto:kun.q@outlook.com>> > > --- > > CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyEku.c | 4 ---- > > 1 file changed, 4 deletions(-) > > > > diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyEku.c > > b/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyEku.c > > index c9fdb65b99d1..40cc39afe7dd 100644 > > --- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyEku.c > > +++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyEku.c > > @@ -508,10 +508,6 @@ Exit: > > free (SignedData); > > > > } > > > > > > > > - if (SignerCert != NULL) { > > > > - X509_free (SignerCert); > > > > - } > > > > - > > > > if (Pkcs7 != NULL) { > > > > PKCS7_free (Pkcs7); > > > > } > > > > -- > > 2.28.0.windows.1 > > > > > [-- Attachment #2: Type: text/html, Size: 13364 bytes --] ^ permalink raw reply [flat|nested] 13+ messages in thread
* Re: [edk2-devel] [PATCH v1 1/1] CryptoPkg: BaseCryptLib: Fix buffer double free in CryptPkcs7VerifyEku 2020-11-23 1:24 ` Yao, Jiewen @ 2020-11-23 22:49 ` kun.q 2020-11-24 1:26 ` 回复: " gaoliming 0 siblings, 1 reply; 13+ messages in thread From: kun.q @ 2020-11-23 22:49 UTC (permalink / raw) To: Yao, Jiewen, gaoliming, devel@edk2.groups.io Cc: Wang, Jian J, Lu, XiaoyuX, Jiang, Guomin [-- Attachment #1: Type: text/plain, Size: 7213 bytes --] Hi Jiewen, It looks like the v2 patch went through: https://edk2.groups.io/g/devel/message/67823?p=,,,20,0,0,0::Created,,double+free,20,2,0,78456278 I also ran the CI build against the branch that has this patch, the PR seems to be closed after dependency analysis. But edk2 top of master CI build was failing as is. Please let me know how you would like to proceed. Thanks, Kun From: Yao, Jiewen<mailto:jiewen.yao@intel.com> Sent: Sunday, November 22, 2020 17:24 To: Kun Qin<mailto:kun.q@outlook.com>; gaoliming<mailto:gaoliming@byosoft.com.cn>; devel@edk2.groups.io<mailto:devel@edk2.groups.io> Cc: Wang, Jian J<mailto:jian.j.wang@intel.com>; Lu, XiaoyuX<mailto:xiaoyux.lu@intel.com>; Jiang, Guomin<mailto:guomin.jiang@intel.com> Subject: RE: [edk2-devel] [PATCH v1 1/1] CryptoPkg: BaseCryptLib: Fix buffer double free in CryptPkcs7VerifyEku Sure. It seems Liming already approves it. I will wait one more day to see if there is any other objection from the people in different time zone. At mean time, I need your help to double confirm that, this patch can be merged without any CI error. So, please try Pull-Request by yourself and make sure it pass all CI checks. I have some bad experience that CI error occurs finally, which prevent me from committing. Then we have to go back ask original submitter to fix and generate patch again. It may cause delay and miss the timeline. Thank you Yao Jiewen From: Kun Qin <kun.q@outlook.com> Sent: Monday, November 23, 2020 9:17 AM To: Yao, Jiewen <jiewen.yao@intel.com>; gaoliming <gaoliming@byosoft.com.cn>; devel@edk2.groups.io Cc: Wang, Jian J <jian.j.wang@intel.com>; Lu, XiaoyuX <xiaoyux.lu@intel.com>; Jiang, Guomin <guomin.jiang@intel.com> Subject: RE: [edk2-devel] [PATCH v1 1/1] CryptoPkg: BaseCryptLib: Fix buffer double free in CryptPkcs7VerifyEku Hi Jiewen, It will be great if you could help me merging in this fix. Please let me know if you need anything else from me to have it merged. Thanks, Kun From: Yao, Jiewen<mailto:jiewen.yao@intel.com> Sent: Sunday, November 22, 2020 04:25 To: Kun Qin<mailto:kun.q@outlook.com>; gaoliming<mailto:gaoliming@byosoft.com.cn>; devel@edk2.groups.io<mailto:devel@edk2.groups.io> Cc: Wang, Jian J<mailto:jian.j.wang@intel.com>; Lu, XiaoyuX<mailto:xiaoyux.lu@intel.com>; Jiang, Guomin<mailto:guomin.jiang@intel.com> Subject: RE: [edk2-devel] [PATCH v1 1/1] CryptoPkg: BaseCryptLib: Fix buffer double free in CryptPkcs7VerifyEku I can help to merge if it is approved. I will add reviewed-by tag when I merge it. Thank you Yao Jiewen From: Kun Qin <kun.q@outlook.com<mailto:kun.q@outlook.com>> Sent: Sunday, November 22, 2020 3:10 PM To: gaoliming <gaoliming@byosoft.com.cn<mailto:gaoliming@byosoft.com.cn>>; devel@edk2.groups.io<mailto:devel@edk2.groups.io>; Yao, Jiewen <jiewen.yao@intel.com<mailto:jiewen.yao@intel.com>> Cc: Wang, Jian J <jian.j.wang@intel.com<mailto:jian.j.wang@intel.com>>; Lu, XiaoyuX <xiaoyux.lu@intel.com<mailto:xiaoyux.lu@intel.com>>; Jiang, Guomin <guomin.jiang@intel.com<mailto:guomin.jiang@intel.com>> Subject: RE: [edk2-devel] [PATCH v1 1/1] CryptoPkg: BaseCryptLib: Fix buffer double free in CryptPkcs7VerifyEku Hi Liming, It will be great if we can get this in. But I have been having trouble sending a v2 patch that incorporates Jiewen’s “Reviewed-by” tag through git command line for the past week (no other changes). It kept giving me an error of "No host provider available to service this request". Please let me know if you have any suggestions. Thanks, Kun From: gaoliming<mailto:gaoliming@byosoft.com.cn> Sent: Thursday, November 19, 2020 9:39 PM To: devel@edk2.groups.io<mailto:devel@edk2.groups.io>; jiewen.yao@intel.com<mailto:jiewen.yao@intel.com>; 'Kun Qin'<mailto:kun.q@outlook.com> Cc: 'Wang, Jian J'<mailto:jian.j.wang@intel.com>; 'Lu, XiaoyuX'<mailto:xiaoyux.lu@intel.com>; 'Jiang, Guomin'<mailto:guomin.jiang@intel.com> Subject: 回复: [edk2-devel] [PATCH v1 1/1] CryptoPkg: BaseCryptLib: Fix buffer double free in CryptPkcs7VerifyEku Kun: This is a bug fix. It passed code review. Do you request to merge it for this stable tag 202011? Thanks Liming > -----邮件原件----- > 发件人: bounce+27952+67567+4905953+8761045@groups.io<mailto:bounce+27952+67567+4905953+8761045@groups.io> > <bounce+27952+67567+4905953+8761045@groups.io<mailto:bounce+27952+67567+4905953+8761045@groups.io>> 代表 Yao, Jiewen > 发送时间: 2020年11月14日 8:32 > 收件人: Kun Qin <kun.q@outlook.com<mailto:kun.q@outlook.com>>; devel@edk2.groups.io<mailto:devel@edk2.groups.io> > 抄送: Wang, Jian J <jian.j.wang@intel.com<mailto:jian.j.wang@intel.com>>; Lu, XiaoyuX > <xiaoyux.lu@intel.com<mailto:xiaoyux.lu@intel.com>>; Jiang, Guomin <guomin.jiang@intel.com<mailto:guomin.jiang@intel.com>>; Yao, > Jiewen <jiewen.yao@intel.com<mailto:jiewen.yao@intel.com>> > 主题: Re: [edk2-devel] [PATCH v1 1/1] CryptoPkg: BaseCryptLib: Fix buffer > double free in CryptPkcs7VerifyEku > > Sorry, I missed this email. > > Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com<mailto:Jiewen.yao@intel.com>> > > > > -----Original Message----- > > From: Kun Qin <kun.q@outlook.com<mailto:kun.q@outlook.com>> > > Sent: Wednesday, October 21, 2020 10:32 AM > > To: devel@edk2.groups.io<mailto:devel@edk2.groups.io> > > Cc: Wang, Jian J <jian.j.wang@intel.com<mailto:jian.j.wang@intel.com>>; Lu, XiaoyuX > > <xiaoyux.lu@intel.com<mailto:xiaoyux.lu@intel.com>>; Yao, Jiewen <jiewen.yao@intel.com<mailto:jiewen.yao@intel.com>>; Jiang, > > Guomin <guomin.jiang@intel.com<mailto:guomin.jiang@intel.com>> > > Subject: [PATCH v1 1/1] CryptoPkg: BaseCryptLib: Fix buffer double free in > > CryptPkcs7VerifyEku > > > > REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2459 > > > > SignerCert is part of Pkcs7 instance when both have valid content. OpenSLL > > PKCS7_free function will release the memory of SignerCert when applicable. > > Freeing SignerCert with X509_free again might cause page fault if use- > > after-free guard is enabled. > > > > Cc: Jian J Wang <jian.j.wang@intel.com<mailto:jian.j.wang@intel.com>> > > Cc: Xiaoyu Lu <xiaoyux.lu@intel.com<mailto:xiaoyux.lu@intel.com>> > > Cc: Jiewen Yao <jiewen.yao@intel.com<mailto:jiewen.yao@intel.com>> > > Cc: Guomin Jiang <guomin.jiang@intel.com<mailto:guomin.jiang@intel.com>> > > > > Signed-off-by: Kun Qin <kun.q@outlook.com<mailto:kun.q@outlook.com>> > > --- > > CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyEku.c | 4 ---- > > 1 file changed, 4 deletions(-) > > > > diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyEku.c > > b/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyEku.c > > index c9fdb65b99d1..40cc39afe7dd 100644 > > --- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyEku.c > > +++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyEku.c > > @@ -508,10 +508,6 @@ Exit: > > free (SignedData); > > > > } > > > > > > > > - if (SignerCert != NULL) { > > > > - X509_free (SignerCert); > > > > - } > > > > - > > > > if (Pkcs7 != NULL) { > > > > PKCS7_free (Pkcs7); > > > > } > > > > -- > > 2.28.0.windows.1 > > > > > [-- Attachment #2: Type: text/html, Size: 14492 bytes --] ^ permalink raw reply [flat|nested] 13+ messages in thread
* 回复: [edk2-devel] [PATCH v1 1/1] CryptoPkg: BaseCryptLib: Fix buffer double free in CryptPkcs7VerifyEku 2020-11-23 22:49 ` kun.q @ 2020-11-24 1:26 ` gaoliming 2020-11-24 1:31 ` Yao, Jiewen [not found] ` <164A4D9262108CA1.16773@groups.io> 0 siblings, 2 replies; 13+ messages in thread From: gaoliming @ 2020-11-24 1:26 UTC (permalink / raw) To: 'Kun Qin', 'Yao, Jiewen', devel Cc: 'Wang, Jian J', 'Lu, XiaoyuX', 'Jiang, Guomin' [-- Attachment #1: Type: text/plain, Size: 8316 bytes --] Kun: I see the personal PR (https://github.com/tianocore/edk2/pull/1140 ) passed all checks. So, I think there is no issue for this patch. Thanks Liming 发件人: Kun Qin <kun.q@outlook.com> 发送时间: 2020年11月24日 6:49 收件人: Yao, Jiewen <jiewen.yao@intel.com>; gaoliming <gaoliming@byosoft.com.cn>; devel@edk2.groups.io 抄送: Wang, Jian J <jian.j.wang@intel.com>; Lu, XiaoyuX <xiaoyux.lu@intel.com>; Jiang, Guomin <guomin.jiang@intel.com> 主题: RE: [edk2-devel] [PATCH v1 1/1] CryptoPkg: BaseCryptLib: Fix buffer double free in CryptPkcs7VerifyEku Hi Jiewen, It looks like the v2 patch went through: https://edk2.groups.io/g/devel/message/67823?p=,,,20,0,0,0::Created,,double+ free,20,2,0,78456278 I also ran the CI build against the branch that has this patch, the PR seems to be closed after dependency analysis. But edk2 top of master CI build was failing as is. Please let me know how you would like to proceed. Thanks, Kun From: Yao, Jiewen <mailto:jiewen.yao@intel.com> Sent: Sunday, November 22, 2020 17:24 To: Kun Qin <mailto:kun.q@outlook.com> ; gaoliming <mailto:gaoliming@byosoft.com.cn> ; devel@edk2.groups.io <mailto:devel@edk2. groups.io> Cc: Wang, Jian J <mailto:jian.j.wang@intel.com> ; Lu, XiaoyuX <mailto:xiaoyux.lu@intel.com> ; Jiang, Guomin <mailto:guomin.jiang@intel.com> Subject: RE: [edk2-devel] [PATCH v1 1/1] CryptoPkg: BaseCryptLib: Fix buffer double free in CryptPkcs7VerifyEku Sure. It seems Liming already approves it. I will wait one more day to see if there is any other objection from the people in different time zone. At mean time, I need your help to double confirm that, this patch can be merged without any CI error. So, please try Pull-Request by yourself and make sure it pass all CI checks. I have some bad experience that CI error occurs finally, which prevent me from committing. Then we have to go back ask original submitter to fix and generate patch again. It may cause delay and miss the timeline. Thank you Yao Jiewen From: Kun Qin <kun.q@outlook.com <mailto:kun.q@outlook.com> > Sent: Monday, November 23, 2020 9:17 AM To: Yao, Jiewen <jiewen.yao@intel.com <mailto:jiewen.yao@intel.com> >; gaoliming <gaoliming@byosoft.com.cn <mailto:gaoliming@byosoft.com.cn> >; devel@edk2.groups.io <mailto:devel@edk2.groups.io> Cc: Wang, Jian J <jian.j.wang@intel.com <mailto:jian.j.wang@intel.com> >; Lu, XiaoyuX <xiaoyux.lu@intel.com <mailto:xiaoyux.lu@intel.com> >; Jiang, Guomin <guomin.jiang@intel.com <mailto:guomin.jiang@intel.com> > Subject: RE: [edk2-devel] [PATCH v1 1/1] CryptoPkg: BaseCryptLib: Fix buffer double free in CryptPkcs7VerifyEku Hi Jiewen, It will be great if you could help me merging in this fix. Please let me know if you need anything else from me to have it merged. Thanks, Kun From: Yao, Jiewen <mailto:jiewen.yao@intel.com> Sent: Sunday, November 22, 2020 04:25 To: Kun Qin <mailto:kun.q@outlook.com> ; gaoliming <mailto:gaoliming@byosoft.com.cn> ; devel@edk2.groups.io <mailto:devel@edk2. groups.io> Cc: Wang, Jian J <mailto:jian.j.wang@intel.com> ; Lu, XiaoyuX <mailto:xiaoyux.lu@intel.com> ; Jiang, Guomin <mailto:guomin.jiang@intel.com> Subject: RE: [edk2-devel] [PATCH v1 1/1] CryptoPkg: BaseCryptLib: Fix buffer double free in CryptPkcs7VerifyEku I can help to merge if it is approved. I will add reviewed-by tag when I merge it. Thank you Yao Jiewen From: Kun Qin <kun.q@outlook.com <mailto:kun.q@outlook.com> > Sent: Sunday, November 22, 2020 3:10 PM To: gaoliming <gaoliming@byosoft.com.cn <mailto:gaoliming@byosoft.com.cn> >; devel@edk2.groups.io <mailto:devel@edk2.groups.io> ; Yao, Jiewen <jiewen.yao@intel.com <mailto:jiewen.yao@intel.com> > Cc: Wang, Jian J <jian.j.wang@intel.com <mailto:jian.j.wang@intel.com> >; Lu, XiaoyuX <xiaoyux.lu@intel.com <mailto:xiaoyux.lu@intel.com> >; Jiang, Guomin <guomin.jiang@intel.com <mailto:guomin.jiang@intel.com> > Subject: RE: [edk2-devel] [PATCH v1 1/1] CryptoPkg: BaseCryptLib: Fix buffer double free in CryptPkcs7VerifyEku Hi Liming, It will be great if we can get this in. But I have been having trouble sending a v2 patch that incorporates Jiewen’s “Reviewed-by” tag through git command line for the past week (no other changes). It kept giving me an error of "No host provider available to service this request". Please let me know if you have any suggestions. Thanks, Kun From: gaoliming <mailto:gaoliming@byosoft.com.cn> Sent: Thursday, November 19, 2020 9:39 PM To: devel@edk2.groups.io <mailto:devel@edk2.groups.io> ; jiewen.yao@intel.com <mailto:jiewen.yao@intel.com> ; 'Kun Qin' <mailto:kun.q@outlook.com> Cc: 'Wang, Jian J' <mailto:jian.j.wang@intel.com> ; 'Lu, XiaoyuX' <mailto:xiaoyux.lu@intel.com> ; 'Jiang, Guomin' <mailto:guomin.jiang@intel.com> Subject: 回复: [edk2-devel] [PATCH v1 1/1] CryptoPkg: BaseCryptLib: Fix buffer double free in CryptPkcs7VerifyEku Kun: This is a bug fix. It passed code review. Do you request to merge it for this stable tag 202011? Thanks Liming > -----邮件原件----- > 发件人: bounce+27952+67567+4905953+8761045@groups.io <mailto:bounce+27952+67567+4905953+8761045@groups.io> > <bounce+27952+67567+4905953+8761045@groups.io <mailto:bounce+27952+67567+4905953+8761045@groups.io> > 代表 Yao, Jiewen > 发送时间: 2020年11月14日 8:32 > 收件人: Kun Qin <kun.q@outlook.com <mailto:kun.q@outlook.com> >; devel@edk2.groups.io <mailto:devel@edk2.groups.io> > 抄送: Wang, Jian J <jian.j.wang@intel.com <mailto:jian.j.wang@intel.com> >; Lu, XiaoyuX > <xiaoyux.lu@intel.com <mailto:xiaoyux.lu@intel.com> >; Jiang, Guomin <guomin.jiang@intel.com <mailto:guomin.jiang@intel.com> >; Yao, > Jiewen <jiewen.yao@intel.com <mailto:jiewen.yao@intel.com> > > 主题: Re: [edk2-devel] [PATCH v1 1/1] CryptoPkg: BaseCryptLib: Fix buffer > double free in CryptPkcs7VerifyEku > > Sorry, I missed this email. > > Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com <mailto:Jiewen.yao@intel.com> > > > > > -----Original Message----- > > From: Kun Qin <kun.q@outlook.com <mailto:kun.q@outlook.com> > > > Sent: Wednesday, October 21, 2020 10:32 AM > > To: devel@edk2.groups.io <mailto:devel@edk2.groups.io> > > Cc: Wang, Jian J <jian.j.wang@intel.com <mailto:jian.j.wang@intel.com> >; Lu, XiaoyuX > > <xiaoyux.lu@intel.com <mailto:xiaoyux.lu@intel.com> >; Yao, Jiewen <jiewen.yao@intel.com <mailto:jiewen.yao@intel.com> >; Jiang, > > Guomin <guomin.jiang@intel.com <mailto:guomin.jiang@intel.com> > > > Subject: [PATCH v1 1/1] CryptoPkg: BaseCryptLib: Fix buffer double free in > > CryptPkcs7VerifyEku > > > > REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2459 > > > > SignerCert is part of Pkcs7 instance when both have valid content. OpenSLL > > PKCS7_free function will release the memory of SignerCert when applicable. > > Freeing SignerCert with X509_free again might cause page fault if use- > > after-free guard is enabled. > > > > Cc: Jian J Wang <jian.j.wang@intel.com <mailto:jian.j.wang@intel.com> > > > Cc: Xiaoyu Lu <xiaoyux.lu@intel.com <mailto:xiaoyux.lu@intel.com> > > > Cc: Jiewen Yao <jiewen.yao@intel.com <mailto:jiewen.yao@intel.com> > > > Cc: Guomin Jiang <guomin.jiang@intel.com <mailto:guomin.jiang@intel.com> > > > > > Signed-off-by: Kun Qin <kun.q@outlook.com <mailto:kun.q@outlook.com> > > > --- > > CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyEku.c | 4 ---- > > 1 file changed, 4 deletions(-) > > > > diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyEku.c > > b/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyEku.c > > index c9fdb65b99d1..40cc39afe7dd 100644 > > --- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyEku.c > > +++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyEku.c > > @@ -508,10 +508,6 @@ Exit: > > free (SignedData); > > > > } > > > > > > > > - if (SignerCert != NULL) { > > > > - X509_free (SignerCert); > > > > - } > > > > - > > > > if (Pkcs7 != NULL) { > > > > PKCS7_free (Pkcs7); > > > > } > > > > -- > > 2.28.0.windows.1 > > > > > [-- Attachment #2: Type: text/html, Size: 18079 bytes --] ^ permalink raw reply [flat|nested] 13+ messages in thread
* Re: [edk2-devel] [PATCH v1 1/1] CryptoPkg: BaseCryptLib: Fix buffer double free in CryptPkcs7VerifyEku 2020-11-24 1:26 ` 回复: " gaoliming @ 2020-11-24 1:31 ` Yao, Jiewen [not found] ` <164A4D9262108CA1.16773@groups.io> 1 sibling, 0 replies; 13+ messages in thread From: Yao, Jiewen @ 2020-11-24 1:31 UTC (permalink / raw) To: devel@edk2.groups.io, gaoliming@byosoft.com.cn, 'Kun Qin' Cc: Wang, Jian J, Lu, XiaoyuX, Jiang, Guomin [-- Attachment #1: Type: text/plain, Size: 8870 bytes --] I saw Mike just announced “[edk2-devel] EDK II CI Status - Failed”. Maybe that is the reason you saw some failure. I will help to push, once this CI failure issue is resolved. From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of gaoliming Sent: Tuesday, November 24, 2020 9:27 AM To: 'Kun Qin' <kun.q@outlook.com>; Yao, Jiewen <jiewen.yao@intel.com>; devel@edk2.groups.io Cc: Wang, Jian J <jian.j.wang@intel.com>; Lu, XiaoyuX <xiaoyux.lu@intel.com>; Jiang, Guomin <guomin.jiang@intel.com> Subject: 回复: [edk2-devel] [PATCH v1 1/1] CryptoPkg: BaseCryptLib: Fix buffer double free in CryptPkcs7VerifyEku Kun: I see the personal PR (https://github.com/tianocore/edk2/pull/1140 ) passed all checks. So, I think there is no issue for this patch. Thanks Liming 发件人: Kun Qin <kun.q@outlook.com<mailto:kun.q@outlook.com>> 发送时间: 2020年11月24日 6:49 收件人: Yao, Jiewen <jiewen.yao@intel.com<mailto:jiewen.yao@intel.com>>; gaoliming <gaoliming@byosoft.com.cn<mailto:gaoliming@byosoft.com.cn>>; devel@edk2.groups.io<mailto:devel@edk2.groups.io> 抄送: Wang, Jian J <jian.j.wang@intel.com<mailto:jian.j.wang@intel.com>>; Lu, XiaoyuX <xiaoyux.lu@intel.com<mailto:xiaoyux.lu@intel.com>>; Jiang, Guomin <guomin.jiang@intel.com<mailto:guomin.jiang@intel.com>> 主题: RE: [edk2-devel] [PATCH v1 1/1] CryptoPkg: BaseCryptLib: Fix buffer double free in CryptPkcs7VerifyEku Hi Jiewen, It looks like the v2 patch went through: https://edk2.groups.io/g/devel/message/67823?p=,,,20,0,0,0::Created,,double+free,20,2,0,78456278 I also ran the CI build against the branch that has this patch, the PR seems to be closed after dependency analysis. But edk2 top of master CI build was failing as is. Please let me know how you would like to proceed. Thanks, Kun From: Yao, Jiewen<mailto:jiewen.yao@intel.com> Sent: Sunday, November 22, 2020 17:24 To: Kun Qin<mailto:kun.q@outlook.com>; gaoliming<mailto:gaoliming@byosoft.com.cn>; devel@edk2.groups.io<mailto:devel@edk2.groups.io> Cc: Wang, Jian J<mailto:jian.j.wang@intel.com>; Lu, XiaoyuX<mailto:xiaoyux.lu@intel.com>; Jiang, Guomin<mailto:guomin.jiang@intel.com> Subject: RE: [edk2-devel] [PATCH v1 1/1] CryptoPkg: BaseCryptLib: Fix buffer double free in CryptPkcs7VerifyEku Sure. It seems Liming already approves it. I will wait one more day to see if there is any other objection from the people in different time zone. At mean time, I need your help to double confirm that, this patch can be merged without any CI error. So, please try Pull-Request by yourself and make sure it pass all CI checks. I have some bad experience that CI error occurs finally, which prevent me from committing. Then we have to go back ask original submitter to fix and generate patch again. It may cause delay and miss the timeline. Thank you Yao Jiewen From: Kun Qin <kun.q@outlook.com<mailto:kun.q@outlook.com>> Sent: Monday, November 23, 2020 9:17 AM To: Yao, Jiewen <jiewen.yao@intel.com<mailto:jiewen.yao@intel.com>>; gaoliming <gaoliming@byosoft.com.cn<mailto:gaoliming@byosoft.com.cn>>; devel@edk2.groups.io<mailto:devel@edk2.groups.io> Cc: Wang, Jian J <jian.j.wang@intel.com<mailto:jian.j.wang@intel.com>>; Lu, XiaoyuX <xiaoyux.lu@intel.com<mailto:xiaoyux.lu@intel.com>>; Jiang, Guomin <guomin.jiang@intel.com<mailto:guomin.jiang@intel.com>> Subject: RE: [edk2-devel] [PATCH v1 1/1] CryptoPkg: BaseCryptLib: Fix buffer double free in CryptPkcs7VerifyEku Hi Jiewen, It will be great if you could help me merging in this fix. Please let me know if you need anything else from me to have it merged. Thanks, Kun From: Yao, Jiewen<mailto:jiewen.yao@intel.com> Sent: Sunday, November 22, 2020 04:25 To: Kun Qin<mailto:kun.q@outlook.com>; gaoliming<mailto:gaoliming@byosoft.com.cn>; devel@edk2.groups.io<mailto:devel@edk2.groups.io> Cc: Wang, Jian J<mailto:jian.j.wang@intel.com>; Lu, XiaoyuX<mailto:xiaoyux.lu@intel.com>; Jiang, Guomin<mailto:guomin.jiang@intel.com> Subject: RE: [edk2-devel] [PATCH v1 1/1] CryptoPkg: BaseCryptLib: Fix buffer double free in CryptPkcs7VerifyEku I can help to merge if it is approved. I will add reviewed-by tag when I merge it. Thank you Yao Jiewen From: Kun Qin <kun.q@outlook.com<mailto:kun.q@outlook.com>> Sent: Sunday, November 22, 2020 3:10 PM To: gaoliming <gaoliming@byosoft.com.cn<mailto:gaoliming@byosoft.com.cn>>; devel@edk2.groups.io<mailto:devel@edk2.groups.io>; Yao, Jiewen <jiewen.yao@intel.com<mailto:jiewen.yao@intel.com>> Cc: Wang, Jian J <jian.j.wang@intel.com<mailto:jian.j.wang@intel.com>>; Lu, XiaoyuX <xiaoyux.lu@intel.com<mailto:xiaoyux.lu@intel.com>>; Jiang, Guomin <guomin.jiang@intel.com<mailto:guomin.jiang@intel.com>> Subject: RE: [edk2-devel] [PATCH v1 1/1] CryptoPkg: BaseCryptLib: Fix buffer double free in CryptPkcs7VerifyEku Hi Liming, It will be great if we can get this in. But I have been having trouble sending a v2 patch that incorporates Jiewen’s “Reviewed-by” tag through git command line for the past week (no other changes). It kept giving me an error of "No host provider available to service this request". Please let me know if you have any suggestions. Thanks, Kun From: gaoliming<mailto:gaoliming@byosoft.com.cn> Sent: Thursday, November 19, 2020 9:39 PM To: devel@edk2.groups.io<mailto:devel@edk2.groups.io>; jiewen.yao@intel.com<mailto:jiewen.yao@intel.com>; 'Kun Qin'<mailto:kun.q@outlook.com> Cc: 'Wang, Jian J'<mailto:jian.j.wang@intel.com>; 'Lu, XiaoyuX'<mailto:xiaoyux.lu@intel.com>; 'Jiang, Guomin'<mailto:guomin.jiang@intel.com> Subject: 回复: [edk2-devel] [PATCH v1 1/1] CryptoPkg: BaseCryptLib: Fix buffer double free in CryptPkcs7VerifyEku Kun: This is a bug fix. It passed code review. Do you request to merge it for this stable tag 202011? Thanks Liming > -----邮件原件----- > 发件人: bounce+27952+67567+4905953+8761045@groups.io<mailto:bounce+27952+67567+4905953+8761045@groups.io> > <bounce+27952+67567+4905953+8761045@groups.io<mailto:bounce+27952+67567+4905953+8761045@groups.io>> 代表 Yao, Jiewen > 发送时间: 2020年11月14日 8:32 > 收件人: Kun Qin <kun.q@outlook.com<mailto:kun.q@outlook.com>>; devel@edk2.groups.io<mailto:devel@edk2.groups.io> > 抄送: Wang, Jian J <jian.j.wang@intel.com<mailto:jian.j.wang@intel.com>>; Lu, XiaoyuX > <xiaoyux.lu@intel.com<mailto:xiaoyux.lu@intel.com>>; Jiang, Guomin <guomin.jiang@intel.com<mailto:guomin.jiang@intel.com>>; Yao, > Jiewen <jiewen.yao@intel.com<mailto:jiewen.yao@intel.com>> > 主题: Re: [edk2-devel] [PATCH v1 1/1] CryptoPkg: BaseCryptLib: Fix buffer > double free in CryptPkcs7VerifyEku > > Sorry, I missed this email. > > Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com<mailto:Jiewen.yao@intel.com>> > > > > -----Original Message----- > > From: Kun Qin <kun.q@outlook.com<mailto:kun.q@outlook.com>> > > Sent: Wednesday, October 21, 2020 10:32 AM > > To: devel@edk2.groups.io<mailto:devel@edk2.groups.io> > > Cc: Wang, Jian J <jian.j.wang@intel.com<mailto:jian.j.wang@intel.com>>; Lu, XiaoyuX > > <xiaoyux.lu@intel.com<mailto:xiaoyux.lu@intel.com>>; Yao, Jiewen <jiewen.yao@intel.com<mailto:jiewen.yao@intel.com>>; Jiang, > > Guomin <guomin.jiang@intel.com<mailto:guomin.jiang@intel.com>> > > Subject: [PATCH v1 1/1] CryptoPkg: BaseCryptLib: Fix buffer double free in > > CryptPkcs7VerifyEku > > > > REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2459 > > > > SignerCert is part of Pkcs7 instance when both have valid content. OpenSLL > > PKCS7_free function will release the memory of SignerCert when applicable. > > Freeing SignerCert with X509_free again might cause page fault if use- > > after-free guard is enabled. > > > > Cc: Jian J Wang <jian.j.wang@intel.com<mailto:jian.j.wang@intel.com>> > > Cc: Xiaoyu Lu <xiaoyux.lu@intel.com<mailto:xiaoyux.lu@intel.com>> > > Cc: Jiewen Yao <jiewen.yao@intel.com<mailto:jiewen.yao@intel.com>> > > Cc: Guomin Jiang <guomin.jiang@intel.com<mailto:guomin.jiang@intel.com>> > > > > Signed-off-by: Kun Qin <kun.q@outlook.com<mailto:kun.q@outlook.com>> > > --- > > CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyEku.c | 4 ---- > > 1 file changed, 4 deletions(-) > > > > diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyEku.c > > b/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyEku.c > > index c9fdb65b99d1..40cc39afe7dd 100644 > > --- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyEku.c > > +++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyEku.c > > @@ -508,10 +508,6 @@ Exit: > > free (SignedData); > > > > } > > > > > > > > - if (SignerCert != NULL) { > > > > - X509_free (SignerCert); > > > > - } > > > > - > > > > if (Pkcs7 != NULL) { > > > > PKCS7_free (Pkcs7); > > > > } > > > > -- > > 2.28.0.windows.1 > > > > > [-- Attachment #2: Type: text/html, Size: 18869 bytes --] ^ permalink raw reply [flat|nested] 13+ messages in thread
[parent not found: <164A4D9262108CA1.16773@groups.io>]
* Re: [edk2-devel] [PATCH v1 1/1] CryptoPkg: BaseCryptLib: Fix buffer double free in CryptPkcs7VerifyEku [not found] ` <164A4D9262108CA1.16773@groups.io> @ 2020-11-26 3:26 ` Yao, Jiewen 0 siblings, 0 replies; 13+ messages in thread From: Yao, Jiewen @ 2020-11-26 3:26 UTC (permalink / raw) To: devel@edk2.groups.io, Yao, Jiewen, gaoliming@byosoft.com.cn, 'Kun Qin' Cc: Wang, Jian J, Lu, XiaoyuX, Jiang, Guomin [-- Attachment #1: Type: text/plain, Size: 9672 bytes --] Merged. https://github.com/tianocore/edk2/pull/1147 githash: 21f984cedec1c613218480bc3eb5e92349a7a812 Thank you Yao Jiewen From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of Yao, Jiewen Sent: Tuesday, November 24, 2020 9:32 AM To: devel@edk2.groups.io; gaoliming@byosoft.com.cn; 'Kun Qin' <kun.q@outlook.com> Cc: Wang, Jian J <jian.j.wang@intel.com>; Lu, XiaoyuX <xiaoyux.lu@intel.com>; Jiang, Guomin <guomin.jiang@intel.com> Subject: Re: [edk2-devel] [PATCH v1 1/1] CryptoPkg: BaseCryptLib: Fix buffer double free in CryptPkcs7VerifyEku I saw Mike just announced “[edk2-devel] EDK II CI Status - Failed”. Maybe that is the reason you saw some failure. I will help to push, once this CI failure issue is resolved. From: devel@edk2.groups.io<mailto:devel@edk2.groups.io> <devel@edk2.groups.io<mailto:devel@edk2.groups.io>> On Behalf Of gaoliming Sent: Tuesday, November 24, 2020 9:27 AM To: 'Kun Qin' <kun.q@outlook.com<mailto:kun.q@outlook.com>>; Yao, Jiewen <jiewen.yao@intel.com<mailto:jiewen.yao@intel.com>>; devel@edk2.groups.io<mailto:devel@edk2.groups.io> Cc: Wang, Jian J <jian.j.wang@intel.com<mailto:jian.j.wang@intel.com>>; Lu, XiaoyuX <xiaoyux.lu@intel.com<mailto:xiaoyux.lu@intel.com>>; Jiang, Guomin <guomin.jiang@intel.com<mailto:guomin.jiang@intel.com>> Subject: 回复: [edk2-devel] [PATCH v1 1/1] CryptoPkg: BaseCryptLib: Fix buffer double free in CryptPkcs7VerifyEku Kun: I see the personal PR (https://github.com/tianocore/edk2/pull/1140 ) passed all checks. So, I think there is no issue for this patch. Thanks Liming 发件人: Kun Qin <kun.q@outlook.com<mailto:kun.q@outlook.com>> 发送时间: 2020年11月24日 6:49 收件人: Yao, Jiewen <jiewen.yao@intel.com<mailto:jiewen.yao@intel.com>>; gaoliming <gaoliming@byosoft.com.cn<mailto:gaoliming@byosoft.com.cn>>; devel@edk2.groups.io<mailto:devel@edk2.groups.io> 抄送: Wang, Jian J <jian.j.wang@intel.com<mailto:jian.j.wang@intel.com>>; Lu, XiaoyuX <xiaoyux.lu@intel.com<mailto:xiaoyux.lu@intel.com>>; Jiang, Guomin <guomin.jiang@intel.com<mailto:guomin.jiang@intel.com>> 主题: RE: [edk2-devel] [PATCH v1 1/1] CryptoPkg: BaseCryptLib: Fix buffer double free in CryptPkcs7VerifyEku Hi Jiewen, It looks like the v2 patch went through: https://edk2.groups.io/g/devel/message/67823?p=,,,20,0,0,0::Created,,double+free,20,2,0,78456278 I also ran the CI build against the branch that has this patch, the PR seems to be closed after dependency analysis. But edk2 top of master CI build was failing as is. Please let me know how you would like to proceed. Thanks, Kun From: Yao, Jiewen<mailto:jiewen.yao@intel.com> Sent: Sunday, November 22, 2020 17:24 To: Kun Qin<mailto:kun.q@outlook.com>; gaoliming<mailto:gaoliming@byosoft.com.cn>; devel@edk2.groups.io<mailto:devel@edk2.groups.io> Cc: Wang, Jian J<mailto:jian.j.wang@intel.com>; Lu, XiaoyuX<mailto:xiaoyux.lu@intel.com>; Jiang, Guomin<mailto:guomin.jiang@intel.com> Subject: RE: [edk2-devel] [PATCH v1 1/1] CryptoPkg: BaseCryptLib: Fix buffer double free in CryptPkcs7VerifyEku Sure. It seems Liming already approves it. I will wait one more day to see if there is any other objection from the people in different time zone. At mean time, I need your help to double confirm that, this patch can be merged without any CI error. So, please try Pull-Request by yourself and make sure it pass all CI checks. I have some bad experience that CI error occurs finally, which prevent me from committing. Then we have to go back ask original submitter to fix and generate patch again. It may cause delay and miss the timeline. Thank you Yao Jiewen From: Kun Qin <kun.q@outlook.com<mailto:kun.q@outlook.com>> Sent: Monday, November 23, 2020 9:17 AM To: Yao, Jiewen <jiewen.yao@intel.com<mailto:jiewen.yao@intel.com>>; gaoliming <gaoliming@byosoft.com.cn<mailto:gaoliming@byosoft.com.cn>>; devel@edk2.groups.io<mailto:devel@edk2.groups.io> Cc: Wang, Jian J <jian.j.wang@intel.com<mailto:jian.j.wang@intel.com>>; Lu, XiaoyuX <xiaoyux.lu@intel.com<mailto:xiaoyux.lu@intel.com>>; Jiang, Guomin <guomin.jiang@intel.com<mailto:guomin.jiang@intel.com>> Subject: RE: [edk2-devel] [PATCH v1 1/1] CryptoPkg: BaseCryptLib: Fix buffer double free in CryptPkcs7VerifyEku Hi Jiewen, It will be great if you could help me merging in this fix. Please let me know if you need anything else from me to have it merged. Thanks, Kun From: Yao, Jiewen<mailto:jiewen.yao@intel.com> Sent: Sunday, November 22, 2020 04:25 To: Kun Qin<mailto:kun.q@outlook.com>; gaoliming<mailto:gaoliming@byosoft.com.cn>; devel@edk2.groups.io<mailto:devel@edk2.groups.io> Cc: Wang, Jian J<mailto:jian.j.wang@intel.com>; Lu, XiaoyuX<mailto:xiaoyux.lu@intel.com>; Jiang, Guomin<mailto:guomin.jiang@intel.com> Subject: RE: [edk2-devel] [PATCH v1 1/1] CryptoPkg: BaseCryptLib: Fix buffer double free in CryptPkcs7VerifyEku I can help to merge if it is approved. I will add reviewed-by tag when I merge it. Thank you Yao Jiewen From: Kun Qin <kun.q@outlook.com<mailto:kun.q@outlook.com>> Sent: Sunday, November 22, 2020 3:10 PM To: gaoliming <gaoliming@byosoft.com.cn<mailto:gaoliming@byosoft.com.cn>>; devel@edk2.groups.io<mailto:devel@edk2.groups.io>; Yao, Jiewen <jiewen.yao@intel.com<mailto:jiewen.yao@intel.com>> Cc: Wang, Jian J <jian.j.wang@intel.com<mailto:jian.j.wang@intel.com>>; Lu, XiaoyuX <xiaoyux.lu@intel.com<mailto:xiaoyux.lu@intel.com>>; Jiang, Guomin <guomin.jiang@intel.com<mailto:guomin.jiang@intel.com>> Subject: RE: [edk2-devel] [PATCH v1 1/1] CryptoPkg: BaseCryptLib: Fix buffer double free in CryptPkcs7VerifyEku Hi Liming, It will be great if we can get this in. But I have been having trouble sending a v2 patch that incorporates Jiewen’s “Reviewed-by” tag through git command line for the past week (no other changes). It kept giving me an error of "No host provider available to service this request". Please let me know if you have any suggestions. Thanks, Kun From: gaoliming<mailto:gaoliming@byosoft.com.cn> Sent: Thursday, November 19, 2020 9:39 PM To: devel@edk2.groups.io<mailto:devel@edk2.groups.io>; jiewen.yao@intel.com<mailto:jiewen.yao@intel.com>; 'Kun Qin'<mailto:kun.q@outlook.com> Cc: 'Wang, Jian J'<mailto:jian.j.wang@intel.com>; 'Lu, XiaoyuX'<mailto:xiaoyux.lu@intel.com>; 'Jiang, Guomin'<mailto:guomin.jiang@intel.com> Subject: 回复: [edk2-devel] [PATCH v1 1/1] CryptoPkg: BaseCryptLib: Fix buffer double free in CryptPkcs7VerifyEku Kun: This is a bug fix. It passed code review. Do you request to merge it for this stable tag 202011? Thanks Liming > -----邮件原件----- > 发件人: bounce+27952+67567+4905953+8761045@groups.io<mailto:bounce+27952+67567+4905953+8761045@groups.io> > <bounce+27952+67567+4905953+8761045@groups.io<mailto:bounce+27952+67567+4905953+8761045@groups.io>> 代表 Yao, Jiewen > 发送时间: 2020年11月14日 8:32 > 收件人: Kun Qin <kun.q@outlook.com<mailto:kun.q@outlook.com>>; devel@edk2.groups.io<mailto:devel@edk2.groups.io> > 抄送: Wang, Jian J <jian.j.wang@intel.com<mailto:jian.j.wang@intel.com>>; Lu, XiaoyuX > <xiaoyux.lu@intel.com<mailto:xiaoyux.lu@intel.com>>; Jiang, Guomin <guomin.jiang@intel.com<mailto:guomin.jiang@intel.com>>; Yao, > Jiewen <jiewen.yao@intel.com<mailto:jiewen.yao@intel.com>> > 主题: Re: [edk2-devel] [PATCH v1 1/1] CryptoPkg: BaseCryptLib: Fix buffer > double free in CryptPkcs7VerifyEku > > Sorry, I missed this email. > > Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com<mailto:Jiewen.yao@intel.com>> > > > > -----Original Message----- > > From: Kun Qin <kun.q@outlook.com<mailto:kun.q@outlook.com>> > > Sent: Wednesday, October 21, 2020 10:32 AM > > To: devel@edk2.groups.io<mailto:devel@edk2.groups.io> > > Cc: Wang, Jian J <jian.j.wang@intel.com<mailto:jian.j.wang@intel.com>>; Lu, XiaoyuX > > <xiaoyux.lu@intel.com<mailto:xiaoyux.lu@intel.com>>; Yao, Jiewen <jiewen.yao@intel.com<mailto:jiewen.yao@intel.com>>; Jiang, > > Guomin <guomin.jiang@intel.com<mailto:guomin.jiang@intel.com>> > > Subject: [PATCH v1 1/1] CryptoPkg: BaseCryptLib: Fix buffer double free in > > CryptPkcs7VerifyEku > > > > REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2459 > > > > SignerCert is part of Pkcs7 instance when both have valid content. OpenSLL > > PKCS7_free function will release the memory of SignerCert when applicable. > > Freeing SignerCert with X509_free again might cause page fault if use- > > after-free guard is enabled. > > > > Cc: Jian J Wang <jian.j.wang@intel.com<mailto:jian.j.wang@intel.com>> > > Cc: Xiaoyu Lu <xiaoyux.lu@intel.com<mailto:xiaoyux.lu@intel.com>> > > Cc: Jiewen Yao <jiewen.yao@intel.com<mailto:jiewen.yao@intel.com>> > > Cc: Guomin Jiang <guomin.jiang@intel.com<mailto:guomin.jiang@intel.com>> > > > > Signed-off-by: Kun Qin <kun.q@outlook.com<mailto:kun.q@outlook.com>> > > --- > > CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyEku.c | 4 ---- > > 1 file changed, 4 deletions(-) > > > > diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyEku.c > > b/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyEku.c > > index c9fdb65b99d1..40cc39afe7dd 100644 > > --- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyEku.c > > +++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyEku.c > > @@ -508,10 +508,6 @@ Exit: > > free (SignedData); > > > > } > > > > > > > > - if (SignerCert != NULL) { > > > > - X509_free (SignerCert); > > > > - } > > > > - > > > > if (Pkcs7 != NULL) { > > > > PKCS7_free (Pkcs7); > > > > } > > > > -- > > 2.28.0.windows.1 > > > > > [-- Attachment #2: Type: text/html, Size: 21106 bytes --] ^ permalink raw reply [flat|nested] 13+ messages in thread
end of thread, other threads:[~2020-11-26 3:26 UTC | newest]
Thread overview: 13+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
[not found] <20201021023228.1884-1-kun.q@outlook.com>
2020-10-21 2:32 ` [PATCH v1 1/1] CryptoPkg: BaseCryptLib: Fix buffer double free in CryptPkcs7VerifyEku Kun Qin
2020-10-21 13:31 ` [edk2-devel] " Laszlo Ersek
2020-11-14 0:31 ` Yao, Jiewen
2020-11-20 5:39 ` 回复: [edk2-devel] " gaoliming
2020-11-22 7:09 ` Kun Qin
2020-11-22 12:25 ` Yao, Jiewen
2020-11-23 0:49 ` 回复: " gaoliming
2020-11-23 1:16 ` Kun Qin
2020-11-23 1:24 ` Yao, Jiewen
2020-11-23 22:49 ` kun.q
2020-11-24 1:26 ` 回复: " gaoliming
2020-11-24 1:31 ` Yao, Jiewen
[not found] ` <164A4D9262108CA1.16773@groups.io>
2020-11-26 3:26 ` Yao, Jiewen
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox