From: "Ye, Ting" <ting.ye@intel.com>
To: "Long, Qin" <qin.long@intel.com>,
"Wu, Hao A" <hao.a.wu@intel.com>,
"edk2-devel@lists.01.org" <edk2-devel@lists.01.org>
Subject: Re: [PATCH] CryptoPkg/BaseCryptLib: Add NULL pointer checks in DH and P7Verify
Date: Fri, 19 May 2017 08:39:32 +0000 [thread overview]
Message-ID: <BC0C045B0E2A584CA4575E779FA2C12A1A8F02F4@SHSMSX103.ccr.corp.intel.com> (raw)
In-Reply-To: <20170519072638.10232-1-qin.long@intel.com>
Reviewed-by: Ye Ting <ting.ye@intel.com>
-----Original Message-----
From: Long, Qin
Sent: Friday, May 19, 2017 3:27 PM
To: Ye, Ting <ting.ye@intel.com>; Wu, Hao A <hao.a.wu@intel.com>; edk2-devel@lists.01.org
Cc: Long, Qin <qin.long@intel.com>
Subject: [PATCH] CryptoPkg/BaseCryptLib: Add NULL pointer checks in DH and P7Verify
Add more NULL pointer checks before using them in DhGenerateKey and Pkcs7GetCertificatesList functions to eliminate possible dereferenced pointer issue.
Cc: Ting Ye <ting.ye@intel.com>
Cc: Hao Wu <hao.a.wu@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Qin Long <qin.long@intel.com>
---
CryptoPkg/Library/BaseCryptLib/Pk/CryptDh.c | 4 +++-
CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7Verify.c | 10 +++++++---
2 files changed, 10 insertions(+), 4 deletions(-)
diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptDh.c b/CryptoPkg/Library/BaseCryptLib/Pk/CryptDh.c
index f44684f907..391efd5c14 100644
--- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptDh.c
+++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptDh.c
@@ -232,7 +232,9 @@ DhGenerateKey (
return FALSE;
}
- BN_bn2bin (DhPubKey, PublicKey);
+ if (PublicKey != NULL) {
+ BN_bn2bin (DhPubKey, PublicKey);
+ }
*PublicKeySize = Size;
}
diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7Verify.c b/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7Verify.c
index 45d5df5e11..d564591cb7 100644
--- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7Verify.c
+++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7Verify.c
@@ -558,7 +558,9 @@ Pkcs7GetCertificatesList (
}
}
CtxUntrusted = X509_STORE_CTX_get0_untrusted (CertCtx);
- (VOID)sk_X509_delete_ptr (CtxUntrusted, Signer);
+ if (CtxUntrusted != NULL) {
+ (VOID)sk_X509_delete_ptr (CtxUntrusted, Signer); }
//
// Build certificates stack chained from Signer's certificate.
@@ -711,8 +713,10 @@ _Error:
}
sk_X509_free (Signers);
- X509_STORE_CTX_cleanup (CertCtx);
- X509_STORE_CTX_free (CertCtx);
+ if (CertCtx != NULL) {
+ X509_STORE_CTX_cleanup (CertCtx);
+ X509_STORE_CTX_free (CertCtx);
+ }
if (SingleCert != NULL) {
free (SingleCert);
--
2.12.2.windows.2
prev parent reply other threads:[~2017-05-19 8:39 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-05-19 7:26 [PATCH] CryptoPkg/BaseCryptLib: Add NULL pointer checks in DH and P7Verify Long Qin
2017-05-19 7:33 ` Wu, Hao A
2017-05-19 8:39 ` Ye, Ting [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-list from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=BC0C045B0E2A584CA4575E779FA2C12A1A8F02F4@SHSMSX103.ccr.corp.intel.com \
--to=devel@edk2.groups.io \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox