From: "Wu, Hao A" <hao.a.wu@intel.com>
To: "Long, Qin" <qin.long@intel.com>, "Ye, Ting" <ting.ye@intel.com>,
"edk2-devel@lists.01.org" <edk2-devel@lists.01.org>
Subject: Re: [PATCH] CryptoPkg/BaseCryptLib: Add NULL pointer checks in DH and P7Verify
Date: Fri, 19 May 2017 07:33:44 +0000 [thread overview]
Message-ID: <B80AF82E9BFB8E4FBD8C89DA810C6A0931CA57CB@SHSMSX104.ccr.corp.intel.com> (raw)
In-Reply-To: <20170519072638.10232-1-qin.long@intel.com>
Reviewed-by: Hao Wu <hao.a.wu@intel.com>
Best Regards,
Hao Wu
> -----Original Message-----
> From: Long, Qin
> Sent: Friday, May 19, 2017 3:27 PM
> To: Ye, Ting; Wu, Hao A; edk2-devel@lists.01.org
> Cc: Long, Qin
> Subject: [PATCH] CryptoPkg/BaseCryptLib: Add NULL pointer checks in DH and
> P7Verify
>
> Add more NULL pointer checks before using them in DhGenerateKey and
> Pkcs7GetCertificatesList functions to eliminate possible dereferenced
> pointer issue.
>
> Cc: Ting Ye <ting.ye@intel.com>
> Cc: Hao Wu <hao.a.wu@intel.com>
> Contributed-under: TianoCore Contribution Agreement 1.0
> Signed-off-by: Qin Long <qin.long@intel.com>
> ---
> CryptoPkg/Library/BaseCryptLib/Pk/CryptDh.c | 4 +++-
> CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7Verify.c | 10 +++++++---
> 2 files changed, 10 insertions(+), 4 deletions(-)
>
> diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptDh.c
> b/CryptoPkg/Library/BaseCryptLib/Pk/CryptDh.c
> index f44684f907..391efd5c14 100644
> --- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptDh.c
> +++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptDh.c
> @@ -232,7 +232,9 @@ DhGenerateKey (
> return FALSE;
> }
>
> - BN_bn2bin (DhPubKey, PublicKey);
> + if (PublicKey != NULL) {
> + BN_bn2bin (DhPubKey, PublicKey);
> + }
> *PublicKeySize = Size;
> }
>
> diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7Verify.c
> b/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7Verify.c
> index 45d5df5e11..d564591cb7 100644
> --- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7Verify.c
> +++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7Verify.c
> @@ -558,7 +558,9 @@ Pkcs7GetCertificatesList (
> }
> }
> CtxUntrusted = X509_STORE_CTX_get0_untrusted (CertCtx);
> - (VOID)sk_X509_delete_ptr (CtxUntrusted, Signer);
> + if (CtxUntrusted != NULL) {
> + (VOID)sk_X509_delete_ptr (CtxUntrusted, Signer);
> + }
>
> //
> // Build certificates stack chained from Signer's certificate.
> @@ -711,8 +713,10 @@ _Error:
> }
> sk_X509_free (Signers);
>
> - X509_STORE_CTX_cleanup (CertCtx);
> - X509_STORE_CTX_free (CertCtx);
> + if (CertCtx != NULL) {
> + X509_STORE_CTX_cleanup (CertCtx);
> + X509_STORE_CTX_free (CertCtx);
> + }
>
> if (SingleCert != NULL) {
> free (SingleCert);
> --
> 2.12.2.windows.2
next prev parent reply other threads:[~2017-05-19 7:33 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-05-19 7:26 [PATCH] CryptoPkg/BaseCryptLib: Add NULL pointer checks in DH and P7Verify Long Qin
2017-05-19 7:33 ` Wu, Hao A [this message]
2017-05-19 8:39 ` Ye, Ting
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-list from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=B80AF82E9BFB8E4FBD8C89DA810C6A0931CA57CB@SHSMSX104.ccr.corp.intel.com \
--to=devel@edk2.groups.io \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox