From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ml01.01.org (Postfix) with ESMTPS id BFFB421BC6A24 for ; Fri, 31 Mar 2017 11:45:55 -0700 (PDT) Received: from smtp.corp.redhat.com (int-mx05.intmail.prod.int.phx2.redhat.com [10.5.11.15]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 29E067AEA2; Fri, 31 Mar 2017 18:45:55 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.3.2 mx1.redhat.com 29E067AEA2 Authentication-Results: ext-mx01.extmail.prod.ext.phx2.redhat.com; dmarc=none (p=none dis=none) header.from=redhat.com Authentication-Results: ext-mx01.extmail.prod.ext.phx2.redhat.com; spf=pass smtp.mailfrom=lersek@redhat.com DKIM-Filter: OpenDKIM Filter v2.11.0 mx1.redhat.com 29E067AEA2 Received: from lacos-laptop-7.usersys.redhat.com (ovpn-116-153.phx2.redhat.com [10.3.116.153]) by smtp.corp.redhat.com (Postfix) with ESMTP id A80BB62926; Fri, 31 Mar 2017 18:45:53 +0000 (UTC) To: Qin Long , edk2-devel@lists.01.org References: <20170331170517.4672-1-qin.long@intel.com> <20170331170517.4672-4-qin.long@intel.com> Cc: ting.ye@intel.com, hao.a.wu@intel.com, feng.tian@intel.com, eric.dong@intel.com From: Laszlo Ersek Message-ID: <9812f014-580f-daad-fe58-4df3cbf76bf0@redhat.com> Date: Fri, 31 Mar 2017 20:45:52 +0200 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.8.0 MIME-Version: 1.0 In-Reply-To: <20170331170517.4672-4-qin.long@intel.com> X-Scanned-By: MIMEDefang 2.79 on 10.5.11.15 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.25]); Fri, 31 Mar 2017 18:45:55 +0000 (UTC) Subject: Re: [Patch 3/4] CryptoPkg/BaseCryptLib: Adding NULL checking in timer() wrapper. X-BeenThere: edk2-devel@lists.01.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: EDK II Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 31 Mar 2017 18:45:55 -0000 Content-Type: text/plain; charset=windows-1252 Content-Transfer-Encoding: 7bit On 03/31/17 19:05, Qin Long wrote: > There are some explicit timer(NULL) calls in openssl-1.1.0xx source, > but the dummy timer() wrapper in ConstantTimeClock.c (used by PEI > and SMM module) has no any checks on NULL parameter. This will > cause the memory access issue. > This patch adds the NULL parameter checking in timer() wrapper. > > Cc: Ting Ye > Cc: Eric Dong > Contributed-under: TianoCore Contribution Agreement 1.0 > Signed-off-by: Qin Long > --- > CryptoPkg/Library/BaseCryptLib/SysCall/ConstantTimeClock.c | 6 ++++-- > 1 file changed, 4 insertions(+), 2 deletions(-) > > diff --git a/CryptoPkg/Library/BaseCryptLib/SysCall/ConstantTimeClock.c b/CryptoPkg/Library/BaseCryptLib/SysCall/ConstantTimeClock.c > index 7f20164999..0cd90434ca 100644 > --- a/CryptoPkg/Library/BaseCryptLib/SysCall/ConstantTimeClock.c > +++ b/CryptoPkg/Library/BaseCryptLib/SysCall/ConstantTimeClock.c > @@ -31,8 +31,10 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. > > time_t time (time_t *timer) > { > - *timer = 0; > - return *timer; > + if (timer != NULL) { > + *timer = 0; > + } > + return 0; > } > > struct tm * gmtime (const time_t *timer) > This looks okay, except the function is called time(), not timer(). Please update the commit message (both subject line and body -- several instances). Thanks, Laszlo