From: "Yao, Jiewen"
To: Kun Qin, "devel@edk2.groups.io"
CC: "Wang, Jian J", "Lu, XiaoyuX", "Jiang, Guomin", "Yao, Jiewen"
Subject: Re: [PATCH v1 1/1] CryptoPkg: BaseCryptLib: Fix buffer double free in CryptPkcs7VerifyEku
Date: Sat, 14 Nov 2020 00:31:42 +0000
References: <20201021023228.1884-1-kun.q@outlook.com>

Sorry, I missed this email.

Reviewed-by: Jiewen Yao

> -----Original Message-----
> From: Kun Qin
> Sent: Wednesday, October 21, 2020 10:32 AM
> To: devel@edk2.groups.io
> Cc: Wang, Jian J; Lu, XiaoyuX; Yao, Jiewen; Jiang, Guomin
> Subject: [PATCH v1 1/1] CryptoPkg: BaseCryptLib: Fix buffer double free in
> CryptPkcs7VerifyEku
>
> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2459
>
> SignerCert is part of Pkcs7 instance when both have valid content. OpenSSL
> PKCS7_free function will release the memory of SignerCert when applicable.
> Freeing SignerCert with X509_free again might cause page fault if
> use-after-free guard is enabled.
>
> Cc: Jian J Wang
> Cc: Xiaoyu Lu
> Cc: Jiewen Yao
> Cc: Guomin Jiang
>
> Signed-off-by: Kun Qin
> --- > CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyEku.c | 4 ---- > 1 file changed, 4 deletions(-) >=20 > diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyEku.c > b/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyEku.c > index c9fdb65b99d1..40cc39afe7dd 100644 > --- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyEku.c > +++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyEku.c > @@ -508,10 +508,6 @@ Exit: > free (SignedData); >=20 > } >=20 >=20 >=20 > - if (SignerCert !=3D NULL) { >=20 > - X509_free (SignerCert); >=20 > - } >=20 > - >=20 > if (Pkcs7 !=3D NULL) { >=20 > PKCS7_free (Pkcs7); >=20 > } >=20 > -- > 2.28.0.windows.1
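
Review bot: the cleanup under the Exit: label no longer records who owns SignerCert, so a later edit could easily put the X509_free (SignerCert) call back and reintroduce the double free. A short comment above the "if (Pkcs7 != NULL) {" block stating that PKCS7_free (Pkcs7) also releases SignerCert would preserve the reasoning that currently lives only in the commit message. The commit message also qualifies the ownership with "when both have valid content" and "when applicable", and the hunk does not show how SignerCert is assigned; it would help to state in the description that no path reaches Exit: with SignerCert non-NULL while Pkcs7 does not own it, since with these four lines gone that case would leak the certificate.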