From: "Yao, Jiewen"
To: Vin Xue, "devel@edk2.groups.io"
CC: "Zhang, Chao B"
Subject: Re: [PATCH] SignedCapsulePkg: Address NULL pointer dereference case.
Date: Thu, 16 Jul 2020 08:31:33 +0000

Reviewed-by: Jiewen Yao

> -----Original Message-----
> From: Vin Xue
> Sent: Tuesday, July 14, 2020 10:10 AM
> To: devel@edk2.groups.io
> Cc: Vin Xue; Yao, Jiewen; Zhang, Chao B
> Subject: [PATCH] SignedCapsulePkg: Address NULL pointer dereference case.
>
> Original code GetFmpImageDescriptors for OriginalFmpImageInfoBuf
> pointer, if failed, return a NULL pointer. The OriginalFmpImageInfoBuf
> should not be NULL and the NULL pointer dereference case
> should be false positive.
>
> Cc: Jiewen Yao
> Cc: Chao Zhang
> Signed-off-by: Vin Xue > --- > .../SystemFirmwareUpdateDxe.c | 39 ++++++++++--------- > 1 file changed, 21 insertions(+), 18 deletions(-) >=20 > diff --git > a/SignedCapsulePkg/Universal/SystemFirmwareUpdate/SystemFirmwareUpdate > Dxe.c > b/SignedCapsulePkg/Universal/SystemFirmwareUpdate/SystemFirmwareUpdate > Dxe.c > index bdb70bdb32..ea795cd7db 100644 > --- > a/SignedCapsulePkg/Universal/SystemFirmwareUpdate/SystemFirmwareUpdate > Dxe.c > +++ > b/SignedCapsulePkg/Universal/SystemFirmwareUpdate/SystemFirmwareUpdate > Dxe.c 
> @@ -681,32 +681,35 @@ FindMatchingFmpHandles ( > // >=20 > // Loop through the set of EFI_FIRMWARE_IMAGE_DESCRIPTORs. >=20 > // >=20 > - FmpImageInfoBuf =3D OriginalFmpImageInfoBuf; >=20 > MatchFound =3D FALSE; >=20 > - for (Index2 =3D 0; Index2 < FmpImageInfoCount; Index2++) { >=20 > - for (Index3 =3D 0; Index3 < mSystemFmpPrivate->DescriptorCount; In= dex3++) { >=20 > - MatchFound =3D CompareGuid ( >=20 > - &FmpImageInfoBuf->ImageTypeId, >=20 > - &mSystemFmpPrivate->ImageDescriptor[Index3].Image= TypeId >=20 > - ); >=20 > + if (OriginalFmpImageInfoBuf !=3D NULL) { >=20 > + FmpImageInfoBuf =3D OriginalFmpImageInfoBuf; >=20 > + >=20 > + for (Index2 =3D 0; Index2 < FmpImageInfoCount; Index2++) { >=20 > + for (Index3 =3D 0; Index3 < mSystemFmpPrivate->DescriptorCount; = Index3++) > { >=20 > + MatchFound =3D CompareGuid ( >=20 > + &FmpImageInfoBuf->ImageTypeId, >=20 > + &mSystemFmpPrivate->ImageDescriptor[Index3].Imag= eTypeId >=20 > + ); >=20 > + if (MatchFound) { >=20 > + break; >=20 > + } >=20 > + } >=20 > if (MatchFound) { >=20 > break; >=20 > } >=20 > + // >=20 > + // Increment the buffer pointer ahead by the size of the descrip= tor >=20 > + // >=20 > + FmpImageInfoBuf =3D (EFI_FIRMWARE_IMAGE_DESCRIPTOR *)(((UINT8 > *)FmpImageInfoBuf) + DescriptorSize); >=20 > } >=20 > if (MatchFound) { >=20 > - break; >=20 > + HandleBuffer[*HandleCount] =3D HandleBuffer[Index]; >=20 > + (*HandleCount)++; >=20 > } >=20 > - // >=20 > - // Increment the buffer pointer ahead by the size of the descripto= r >=20 > - // >=20 > - FmpImageInfoBuf =3D (EFI_FIRMWARE_IMAGE_DESCRIPTOR *)(((UINT8 > *)FmpImageInfoBuf) + DescriptorSize); >=20 > - } >=20 > - if (MatchFound) { >=20 > - HandleBuffer[*HandleCount] =3D HandleBuffer[Index]; >=20 > - (*HandleCount)++; >=20 > - } >=20 >=20 >=20 > - FreePool (OriginalFmpImageInfoBuf); >=20 > + FreePool (OriginalFmpImageInfoBuf); >=20 > + } >=20 > } >=20 >=20 >=20 > if ((*HandleCount) =3D=3D 0) { >=20 > -- > 2.27.0.windows.1
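Review bot: the `if (OriginalFmpImageInfoBuf != NULL)` guard at the top of the hunk has no comment or debug output on the NULL path, so a handle whose descriptor buffer is NULL is left out of HandleBuffer silently; the commit message calls the dereference a false positive yet also says GetFmpImageDescriptors returns NULL on failure. Add a comment above the guard stating which of the two holds, and a DEBUG message on the NULL path if it is reachable. Most of the 21 insertions are re-indentation of the existing loops; if the guard sits directly in the per-handle loop body, testing for NULL and using `continue` would keep the diff to a few lines and make the behavioural change easier to review.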