From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from EUR02-VE1-obe.outbound.protection.outlook.com (EUR02-VE1-obe.outbound.protection.outlook.com [40.92.69.48])
 by mx.groups.io with SMTP id smtpd.web10.1514.1571573313801819695
 for <devel@edk2.groups.io>;
 Sun, 20 Oct 2019 05:08:34 -0700
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@outlook.com header.s=selector1 header.b=jVpFqwx2;
 spf=pass (domain: outlook.com, ip: 40.92.69.48, mailfrom: marvin.haeuser@outlook.com)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;
 b=EebMh99uVmWHVKEDq71umaLuTGcXURAB16kN/5wz4co/NI+uW2kIwuM4duVXxa95JMpMMN9zN8DdiWxUKpP9867qnH7K4qstq4zwQOusnUnLsmYslGB3tmnzXpqcYKfVh0vrGMufyAPf2K+qonPqt+d4Z6+PUp2N+FhrmExDyLa1ZQhjZRr6C9Y+EXG8Bx5nLV/t1+TpHj5tIjRh64tzVFvEh6YWkyd52g7PxXZyw12o/Fb9z1IalhFF0LhdPYgXwTzsI1gSBJgLS1o9DLxmf8tcf7OhWR0TGE9vOMC49Rrpap/ZP2jG1FrJhrZfqQHO+er2VlTLBZ3+3usmy3IeIQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
 s=arcselector9901;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
 bh=3+70RWmReGEDQrm40Kk/WmMd2+4D3GL4FK/2YECwxco=;
 b=e3PG9eUKuM7ePdmowctvUnbqezZQ/MFtCa/Mx4qiRCS90E/hyXrE1DXcOe4sUCyeRnnaWo4UiPKW6ZLLP7WJ/asU4P/WZfT7u3uOa9LtTRbEibz/GfWU6DOQG1n7CyJXXc5qHB0T+L7ddHzHC6tc3tJSwOTMwjjPZ6clAe8zhklQerYQWAvNuFG6IllXgTeaigwn86Wcr6UhGduJswQUtV3VYWgod3ZW6uimsLElskWR/6Sboeb2hEvViV4dm+jXsZA8MpPuTLs/snuxoiA3wcyAzsE7AD239fHSSa3BW2zZbziq8SS/g265y0/OenMmPQBIgvsdEbnQK4fSL/dEkQ==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=none; dmarc=none;
 dkim=none; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=outlook.com;
 s=selector1;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
 bh=3+70RWmReGEDQrm40Kk/WmMd2+4D3GL4FK/2YECwxco=;
 b=jVpFqwx2hqM9KFW7qShaLdRrhWtLQXGZ6zEZKe/FKr2o/JSGUr2NKgUGp6CiPT+UbeHVXrhwFbKz3pk1FEzVWYJ715aClQ9BpDZXoOwgbADEOwBA8ji09S4HEBnI973mnCugXAf9CUUjo6TgXP7ueb3jpBPNQaFyr/LepI+JQ1iaCvFMvYzL4i+oj6Opx/OiH9Bo5Lw2zYTMkyGkrJOqBB8kZ7PEjmqH338n4tIG8WoJ/NttXF7wib/ijI6wKJ1CU3DBKNoc8MGSRMw09923+Zu6ZFXc9JCWh54q+8w0g+mME/8upc7LXhzy3z3GiRCVqqHYYMzQ46gkJ8xp3yKqkw==
Received: from VE1EUR02FT003.eop-EUR02.prod.protection.outlook.com
 (10.152.12.55) by VE1EUR02HT192.eop-EUR02.prod.protection.outlook.com
 (10.152.12.245) with Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2367.14; Sun, 20 Oct
 2019 12:08:31 +0000
Received: from DB7PR07MB4917.eurprd07.prod.outlook.com (10.152.12.58) by
 VE1EUR02FT003.mail.protection.outlook.com (10.152.12.112) with Microsoft SMTP
 Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
 15.20.2367.14 via Frontend Transport; Sun, 20 Oct 2019 12:08:31 +0000
Received: from DB7PR07MB4917.eurprd07.prod.outlook.com
 ([fe80::1b8:f59a:96de:82ef]) by DB7PR07MB4917.eurprd07.prod.outlook.com
 ([fe80::1b8:f59a:96de:82ef%3]) with mapi id 15.20.2367.021; Sun, 20 Oct 2019
 12:08:31 +0000
From: =?iso-8859-1?Q?Marvin_H=E4user?= <Marvin.Haeuser@outlook.com>
To: "devel@edk2.groups.io" <devel@edk2.groups.io>
CC: "vit9696@protonmail.com" <vit9696@protonmail.com>, Michael D Kinney
	<michael.d.kinney@intel.com>, Liming Gao <liming.gao@intel.com>
Subject: [PATCH] MdePkg/UefiFileHandleLib: Fix potential NULL dereference
Thread-Topic: [PATCH] MdePkg/UefiFileHandleLib: Fix potential NULL dereference
Thread-Index: AQHVhz8WsmCsVfRgHEG2TcYkLyIZbg==
Date: Sun, 20 Oct 2019 12:08:31 +0000
Message-ID: 
 <DB7PR07MB4917254D22F4AA8C6B86FD98806E0@DB7PR07MB4917.eurprd07.prod.outlook.com>
Accept-Language: de-DE, en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-clientproxiedby: AM0PR01CA0052.eurprd01.prod.exchangelabs.com
 (2603:10a6:208:e6::29) To DB7PR07MB4917.eurprd07.prod.outlook.com
 (2603:10a6:10:5f::30)
x-incomingtopheadermarker: 
 OriginalChecksum:03DB81CBB37319999FAF408B6DBCC8E0D9EBE3E85AA2F5C3DDA29E1119B4A439;UpperCasedChecksum:7EE66EB21050FA1D922CE72FA1D2C8FDC9A24DD064DC304328BE32EAF0412663;SizeAsReceived:7625;Count:49
x-ms-exchange-messagesentrepresentingtype: 1
x-mailer: git-send-email 2.23.0.windows.1
x-tmn: [YpaHeOyoSAIxQ/p9UurZ3PrARQwoFPSM]
x-microsoft-original-message-id: 
 <aa5718fc4fdc610f03912cfcfd6fd8760d866117.1571572996.git.mhaeuser@outlook.de>
x-ms-publictraffictype: Email
x-incomingheadercount: 49
x-eopattributedmessage: 0
x-ms-traffictypediagnostic: VE1EUR02HT192:
x-ms-exchange-purlcount: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: 
 vG2NW8OfgidV2fG2QG5Hd03M1dKz3nHfmOXhxOUo5uWpC3fgCcoO2tHhW03usv+Wj372rwoHHBsnlRCznHk/bf3qytRyDQx7jpTmeDlH4IDo6mH45hZZI5SEqDKj2omgP8sQs8TaUjxc7LdgdgjQgq7rO1L4zLIXvqfdZbI1kGvw0zchskcSVCLpk6hXyFsPGq72a0tCbtbx6vAZASb8XXrSmWdmLUAYmve555r7dGU=
x-ms-exchange-transport-forked: True
MIME-Version: 1.0
X-OriginatorOrg: outlook.com
X-MS-Exchange-CrossTenant-RMS-PersistedConsumerOrg: 00000000-0000-0000-0000-000000000000
X-MS-Exchange-CrossTenant-Network-Message-Id: e95f5f39-3f6d-4664-fbd7-08d7555638db
X-MS-Exchange-CrossTenant-rms-persistedconsumerorg: 00000000-0000-0000-0000-000000000000
X-MS-Exchange-CrossTenant-originalarrivaltime: 20 Oct 2019 12:08:31.1168
 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Internet
X-MS-Exchange-CrossTenant-id: 84df9e7f-e9f6-40af-b435-aaaaaaaaaaaa
X-MS-Exchange-Transport-CrossTenantHeadersStamped: VE1EUR02HT192
Content-Language: en-US
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

From: Marvin Haeuser <mhaeuser@outlook.de>

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3D2293

Move the NULL check in FileHandleGetInfo() to directly after the
allocation to prevent potential NULL dereferences.

Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Liming Gao <liming.gao@intel.com>
Signed-off-by: Marvin Haeuser <mhaeuser@outlook.de>
---
 MdePkg/Library/UefiFileHandleLib/UefiFileHandleLib.c | 28 +++++++++++-----=
----
 1 file changed, 15 insertions(+), 13 deletions(-)

diff --git a/MdePkg/Library/UefiFileHandleLib/UefiFileHandleLib.c b/MdePkg/=
Library/UefiFileHandleLib/UefiFileHandleLib.c
index 96913c5c02b8..5dc893833a46 100644
--- a/MdePkg/Library/UefiFileHandleLib/UefiFileHandleLib.c
+++ b/MdePkg/Library/UefiFileHandleLib/UefiFileHandleLib.c
@@ -68,19 +68,21 @@ FileHandleGetInfo (
     // error is expected.  getting size to allocate=0D
     //=0D
     FileInfo =3D AllocateZeroPool(FileInfoSize);=0D
-    //=0D
-    // now get the information=0D
-    //=0D
-    Status =3D FileHandle->GetInfo(FileHandle,=0D
-                                 &gEfiFileInfoGuid,=0D
-                                 &FileInfoSize,=0D
-                                 FileInfo);=0D
-    //=0D
-    // if we got an error free the memory and return NULL=0D
-    //=0D
-    if (EFI_ERROR(Status) && (FileInfo !=3D NULL)) {=0D
-      FreePool(FileInfo);=0D
-      FileInfo =3D NULL;=0D
+    if (FileInfo !=3D NULL) {=0D
+      //=0D
+      // now get the information=0D
+      //=0D
+      Status =3D FileHandle->GetInfo(FileHandle,=0D
+                                   &gEfiFileInfoGuid,=0D
+                                   &FileInfoSize,=0D
+                                   FileInfo);=0D
+      //=0D
+      // if we got an error free the memory and return NULL=0D
+      //=0D
+      if (EFI_ERROR(Status)) {=0D
+        FreePool(FileInfo);=0D
+        FileInfo =3D NULL;=0D
+      }=0D
     }=0D
   }=0D
   return (FileInfo);=0D
--=20
2.23.0.windows.1