From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from mga11.intel.com (mga11.intel.com [192.55.52.93])
 by mx.groups.io with SMTP id smtpd.web11.37872.1669883314529894040
 for <devel@edk2.groups.io>;
 Thu, 01 Dec 2022 00:28:34 -0800
Authentication-Results: mx.groups.io;
 dkim=fail reason="unable to parse pub key" header.i=@intel.com header.s=intel header.b=LDG9b3EN;
 spf=pass (domain: intel.com, ip: 192.55.52.93, mailfrom: jiewen.yao@intel.com)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple;
  d=intel.com; i=@intel.com; q=dns/txt; s=Intel;
  t=1669883314; x=1701419314;
  h=from:to:cc:subject:date:message-id:references:
   in-reply-to:content-transfer-encoding:mime-version;
  bh=Bz+g7JHjtvfbdUuwSESZ7a4JTVjWTFymw+wiDUX4cos=;
  b=LDG9b3EN+AB+xIMhezHSh0o3JfDdQ56dUwlJhGBgxedq6G/vYp77N01t
   kWnzP4XoTtx6qBJvYpuiQYFidZdv90A2UF6737+xUCBTGI8w6Wto5mh57
   aldfJ7SuobaKzaIWlFaevNtuVUC+84gqGktSWk4DORKXRHWA8p/zJmHYv
   6RCWYxdZID8s6gHyjrCkJLw1DkjVKGw/79noc4PweIA609S/L6atfkJIc
   /GVKojn0iFT508HAn6+1nLc6yxBg+IZNAgF9xxTP4Vb958TUmdJScxlCO
   QHzPEf3Je1e0yfh/e4jdC3wzYZFpNVZ5Z1HXjAWZFCsrx/TjA+eUSeocg
   g==;
X-IronPort-AV: E=McAfee;i="6500,9779,10547"; a="313255901"
X-IronPort-AV: E=Sophos;i="5.96,207,1665471600"; 
   d="scan'208";a="313255901"
Received: from orsmga004.jf.intel.com ([10.7.209.38])
  by fmsmga102.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 01 Dec 2022 00:28:33 -0800
X-ExtLoop1: 1
X-IronPort-AV: E=McAfee;i="6500,9779,10547"; a="769153609"
X-IronPort-AV: E=Sophos;i="5.96,207,1665471600"; 
   d="scan'208";a="769153609"
Received: from orsmsx603.amr.corp.intel.com ([10.22.229.16])
  by orsmga004.jf.intel.com with ESMTP; 01 Dec 2022 00:28:33 -0800
Received: from orsmsx610.amr.corp.intel.com (10.22.229.23) by
 ORSMSX603.amr.corp.intel.com (10.22.229.16) with Microsoft SMTP Server
 (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id
 15.1.2507.16; Thu, 1 Dec 2022 00:28:33 -0800
Received: from orsedg603.ED.cps.intel.com (10.7.248.4) by
 orsmsx610.amr.corp.intel.com (10.22.229.23) with Microsoft SMTP Server
 (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id
 15.1.2507.16 via Frontend Transport; Thu, 1 Dec 2022 00:28:33 -0800
Received: from NAM11-BN8-obe.outbound.protection.outlook.com (104.47.58.168)
 by edgegateway.intel.com (134.134.137.100) with Microsoft SMTP Server
 (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
 15.1.2507.16; Thu, 1 Dec 2022 00:28:32 -0800
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;
 b=Ummp3cm/naTCPwhLKNWdDrG7B7Rvl08PUSbDybRIATMoTkK2NVM9esh/vD+Dwrpk9MkkvWkl18LBOQYVQrCZcnfGt2RTQCIn+7W/Yscb0K0fiD9renu+CHzdqXRwkqICHtABy+bOA1sCucbbnTqD4WgxeQnAdnkzcIff0oFMejQ1Y92MldDADC3mLFgEJaY5NoSCuHkeVNDRMwlGzEDZ0++bweGmXOvso/aHTQ4PxGYSHz1Mj7c07hTfi1tnODNJnBJ9rf0J0rtHIYp/NcxOgP05LAiMtbjcIHvvLLcPCHCPLfeVKHXOncMC+FUasmHMTMUjFP9obGlrQd2Xr7GlGQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
 s=arcselector9901;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;
 bh=EJMAOXnj3J/cUJHtoIcjpHneUQXKGtLxlhhr9nuxYrI=;
 b=D4wIVHIA+EA454btN8D61tZT5cGKiPX6KFmx6CA6MyxkFvCY0bsvX8BIRTlz5W3HNN/1d8ewAVJFs+p4hFmg41DhhT2LBvOSPP5MxG+IrDuoU1PQxiKqqWOxzo2LV06RisS+ygVwucoPjVWgQ8qTGZxX1FU06Y+FqxOSSh26sEnrX2WBvxQvYIQBNbEpQMjr6iqI54porCB8g0eSH2DUvNsJBuRAHEa3Y/hlNppKVKaFR+HhrN+HBycMWkjepL8hVy/02RFKPEdHNFn5cMiEndhshWxxvGfe7NQM2UuJK7zDY9mMTd+5kVzYpLZTRqeTUvT94VbItDOQxU67018OpA==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass
 smtp.mailfrom=intel.com; dmarc=pass action=none header.from=intel.com;
 dkim=pass header.d=intel.com; arc=none
Received: from MW4PR11MB5872.namprd11.prod.outlook.com (2603:10b6:303:169::14)
 by SA2PR11MB4987.namprd11.prod.outlook.com (2603:10b6:806:113::24) with
 Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5857.23; Thu, 1 Dec
 2022 08:28:31 +0000
Received: from MW4PR11MB5872.namprd11.prod.outlook.com
 ([fe80::e9dd:f205:1970:4edb]) by MW4PR11MB5872.namprd11.prod.outlook.com
 ([fe80::e9dd:f205:1970:4edb%9]) with mapi id 15.20.5857.023; Thu, 1 Dec 2022
 08:28:31 +0000
From: "Yao, Jiewen" <jiewen.yao@intel.com>
To: "mikuback@linux.microsoft.com" <mikuback@linux.microsoft.com>,
	"devel@edk2.groups.io" <devel@edk2.groups.io>
CC: Erich McMillan <emcmillan@microsoft.com>, "Jiang, Guomin"
	<guomin.jiang@intel.com>, "Wang, Jian J" <jian.j.wang@intel.com>, "Lu,
 Xiaoyu1" <xiaoyu1.lu@intel.com>
Subject: Re: [PATCH v2 04/12] CryptoPkg: Fix conditionally uninitialized variable
Thread-Topic: [PATCH v2 04/12] CryptoPkg: Fix conditionally uninitialized
 variable
Thread-Index: AQHZBBi0Y2DLYwKrFEugmz5VhJP5pK5YtYUA
Date: Thu, 1 Dec 2022 08:28:30 +0000
Message-ID: <MW4PR11MB58721A49E80FA314813C1D0D8C149@MW4PR11MB5872.namprd11.prod.outlook.com>
References: <20221129173246.2182-1-mikuback@linux.microsoft.com>
 <20221129173246.2182-5-mikuback@linux.microsoft.com>
In-Reply-To: <20221129173246.2182-5-mikuback@linux.microsoft.com>
Accept-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
authentication-results: dkim=none (message not signed)
 header.d=none;dmarc=none action=none header.from=intel.com;
x-ms-publictraffictype: Email
x-ms-traffictypediagnostic: MW4PR11MB5872:EE_|SA2PR11MB4987:EE_
x-ms-office365-filtering-correlation-id: c503df47-c899-4738-6d52-08dad3760767
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: 0dxizi6Fdl/N1MWxB990BpSqmWgjKR1dlVV5iDOxh9aIrb9nOJrjgZqdNtBlE3DT/bgyT1kar2/Ohetkh4/LvrVDc7vwQLMlLZ/nW6FYmsCWHfTBxpPZaNYnZcUX47kvd1maHolanxlsYg9ejwp909Q2vePeOezYT7w57hj0833cB7q6uxfRcVWWNuHnhwHNoEWmBmZN4a6xcyiRaD9E2XeNOb2ZAcWybvgq88AJUTgUvC2Xk3JZY/YgFomMl4hp23Ye+N2VoIMoM7fjpqCSxqmbFqBCACxrTWxu1WB9Ya/kVn9KbhIqDs+uNBQZj3YapGVSBtPpGROr7Fo6aTiy46RTccOI3MbxsViPxH3L2fxokp4Ea/sV64Imhd587H/7FxfWuqbnLjx/KHuyDEGl2GYAYVfO6S68uFYy2m87o3rGmvd2BXWQuqB9GyFp8pHiGS2XC4DWZSmXASlf+jnxKhuKpeNvv6Igt/0t6j2OBJwGay0qi4H8MVsQ4DOZP/0jSbYS/aLGUYES0f8UIBNCPIlcvFODJe1A9Bu9FTievTrluhIDEu4l/2tz6In0xtOXP+qLfRA3fl5uKm/fBTsvkjwGVaF5RNqaFODCP3zeceIkHa/aGu9I5gO25dbZZeW0O/dgm1m7iILwqKYGtU3GIX0jMpWvhF1c04pp/z7NCxCsRV+WnenPKv0cXjN3RU/CAefMNbuk6nswM7DKayHjQQ==
x-forefront-antispam-report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:MW4PR11MB5872.namprd11.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230022)(396003)(136003)(366004)(346002)(39860400002)(376002)(451199015)(186003)(966005)(107886003)(2906002)(83380400001)(33656002)(7696005)(6506007)(38100700002)(8676002)(66946007)(66476007)(66446008)(64756008)(41300700001)(9686003)(76116006)(82960400001)(53546011)(71200400001)(478600001)(66556008)(26005)(122000001)(8936002)(5660300002)(4326008)(316002)(86362001)(38070700005)(55016003)(19627235002)(54906003)(110136005)(52536014);DIR:OUT;SFP:1102;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: =?us-ascii?Q?57z7huYtq7duiSTZwBJEWFXd9TiaPT1DI6JHSvBeETc6XL43AERbzFvpJPic?=
 =?us-ascii?Q?hx6tEoVSGisHtXvGM98MEbbVFb2XqVkIiYJa2STJYjDXCsamKOyobzzY6dpM?=
 =?us-ascii?Q?tcmSumeW9nIySBVK74hE3UfnHurZh4Te8a31KrCg2STYJ8tpavwnVrrMSqFU?=
 =?us-ascii?Q?TPgMbpDIDCezgLrXvzHUW/mN6guS8D7eJByGE4TmPdivD1sSRakndLpCgL2h?=
 =?us-ascii?Q?/vE+GFPSsOuyq6UWm4O6/tmp2hcbrc+oLSpDYURJ/tvQ5l7Mwglac87uJSyJ?=
 =?us-ascii?Q?LRbMh5SzqckyzczCrsIgHQjZxBXEE3E26OwOKCl53aETkgyrsVQ9faO1FDur?=
 =?us-ascii?Q?jLYNthcFbd9QBowyfNgXCWoC4nx6XD95UL5NINdjkEA8XS+qjYWNiO3FCb4/?=
 =?us-ascii?Q?OD9T1jtlmt82fA+M5UJ1hjIqft1M2ed+ePtZyrvQtHUT3+FaDTN73Ixaoqj/?=
 =?us-ascii?Q?24h53kMJ1mULK2KtRGTEBjlFbWpd3iVq0F8EloaaYSt9fVFt5ix3T+cuf/Tw?=
 =?us-ascii?Q?DqHmXxU41DTFST5iYHE6+NDShp134Hk7ShO7u/x0GZHYE4elW0Vr7p/wJ899?=
 =?us-ascii?Q?UDRjluBV2wgZjx0ww7dKyK6ii/yHTeCkfF0pw8cmBQONE8oD3S/p6Joqwm0I?=
 =?us-ascii?Q?B+UHHVeW4DE65MuJK0osLupGyafqBNVMycx8ry1ElS36IzPdpJoLXT93tYR1?=
 =?us-ascii?Q?ADpMSAdjh/s3BbmA4i7TmcQk60uAeyvh9TRH8Lwp804r8OJWKmWusWZm2wEV?=
 =?us-ascii?Q?YUBgeo8Sbzfes+HBqCLbqiYrh0YV6+khTSB+dw9X79vmKztuXRY9UCoJWC4q?=
 =?us-ascii?Q?4tcwg4n/kKpX+MV66HsFYXhKrifkXKu7xHCO8YFBfx07B1h0v4XFAjkM/u1V?=
 =?us-ascii?Q?qIUjGlnDfInUSA82vXpJhd/pLPaGINN2YOUPqx21FgP35ddcj6SF+U+jQOOh?=
 =?us-ascii?Q?yFUME3f2fQWTjFYoqQFb3xqr/IgVbanC+QbOtiZndpORI/W2chxnIFlAxG75?=
 =?us-ascii?Q?2p9KSC5X73mIf7mMqj2OwSNqChWxNfqzXHTc1TG/2b84pqLHsRxbcNnkjJca?=
 =?us-ascii?Q?EVRjGdqihrdxZYcWeOk6jDZJvAkzIKLJqDrwVpNdjLxJjZW6fQLaiRpfFKTJ?=
 =?us-ascii?Q?AD0cW6K+bMQnRFQYpbaD8czPUmMpr4Vow+boPWjCMOmg5Yrtqjx+BRQ42Gtl?=
 =?us-ascii?Q?LEEqI+PWOWzNjAJWENS+dUmPtMeHKxZJbiFbIUy18Iwm1rwxW2q7Htd62UPO?=
 =?us-ascii?Q?8SCTLz9EadSU3acQEv3KV/rOFJ4Bmzn13smqEZeNsNmsibxlyCHtw+dnYcb9?=
 =?us-ascii?Q?KEw9tojd42PhMyT/tGOhoYp1s17S34DlqhgKetcxpmpDHcj+Bbhuo2Wp/9KD?=
 =?us-ascii?Q?k6Id/60ibJPt4avYn9uJoXzuPpvNLOd2lPI+k4LzRd0Mod5xxoKCe8fk9JZa?=
 =?us-ascii?Q?5U3PlyB5FUMZMGsL5B2D+b8ZtBegUNl66bi/k9tvUSYHpeHH29c30OT4+pDT?=
 =?us-ascii?Q?nCsIUq0Fv+0HjRVO7ZRGlP9pO26BhELeNxd8BQIhA36KWY5JzqIWUV9xHhZ/?=
 =?us-ascii?Q?9juXrceh5Bj9K73+S+9zuX3lGwVGoLz+gDbvTmqf?=
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: MW4PR11MB5872.namprd11.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: c503df47-c899-4738-6d52-08dad3760767
X-MS-Exchange-CrossTenant-originalarrivaltime: 01 Dec 2022 08:28:31.0010
 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 46c98d88-e344-4ed4-8496-4ed7712e255d
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: 84oQhVL2jy/Fd9OWEFn5DCprzuLDLoC7NxBcmbpPnC80QK71ZhJww2kAmQpe3Nnbg1HkBZP2G3Rdt9+aHx6Uug==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: SA2PR11MB4987
Return-Path: jiewen.yao@intel.com
X-OriginatorOrg: intel.com
Content-Language: en-US
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com>

> -----Original Message-----
> From: mikuback@linux.microsoft.com <mikuback@linux.microsoft.com>
> Sent: Wednesday, November 30, 2022 1:33 AM
> To: devel@edk2.groups.io
> Cc: Erich McMillan <emcmillan@microsoft.com>; Jiang, Guomin
> <guomin.jiang@intel.com>; Wang, Jian J <jian.j.wang@intel.com>; Yao,
> Jiewen <jiewen.yao@intel.com>; Michael Kubacki
> <mikuback@linux.microsoft.com>; Lu, Xiaoyu1 <xiaoyu1.lu@intel.com>
> Subject: [PATCH v2 04/12] CryptoPkg: Fix conditionally uninitialized
> variable
>=20
> From: Michael Kubacki <michael.kubacki@microsoft.com>
>=20
> Fixes CodeQL alerts for CWE-457:
> https://cwe.mitre.org/data/definitions/457.html
>=20
> Checks the return value from `ASN1_get_object()` to verify values
> set by the function are valid.
>=20
> Note that the function returns literal `0x80`:
>     `return (0x80);`
>=20
> That is used to check the return value is as the case in other areas
> of the code.
>=20
> Cc: Erich McMillan <emcmillan@microsoft.com>
> Cc: Guomin Jiang <guomin.jiang@intel.com>
> Cc: Jian J Wang <jian.j.wang@intel.com>
> Cc: Jiewen Yao <jiewen.yao@intel.com>
> Cc: Michael Kubacki <mikuback@linux.microsoft.com>
> Cc: Xiaoyu Lu <xiaoyu1.lu@intel.com>
> Co-authored-by: Erich McMillan <emcmillan@microsoft.com>
> Signed-off-by: Michael Kubacki <michael.kubacki@microsoft.com>
> ---
>  CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c | 21 +++++++++++---------
>  1 file changed, 12 insertions(+), 9 deletions(-)
>=20
> diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c
> b/CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c
> index 2333157e0d17..1182323b63ee 100644
> --- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c
> +++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c
> @@ -807,6 +807,7 @@ X509GetTBSCert (
>    UINT32       Asn1Tag;
>    UINT32       ObjClass;
>    UINTN        Length;
> +  UINTN        Inf;
>=20
>    //
>    // Check input parameters.
> @@ -836,9 +837,9 @@ X509GetTBSCert (
>    //
>    Temp   =3D Cert;
>    Length =3D 0;
> -  ASN1_get_object (&Temp, (long *)&Length, (int *)&Asn1Tag, (int
> *)&ObjClass, (long)CertSize);
> +  Inf    =3D ASN1_get_object (&Temp, (long *)&Length, (int *)&Asn1Tag, (=
int
> *)&ObjClass, (long)CertSize);
>=20
> -  if (Asn1Tag !=3D V_ASN1_SEQUENCE) {
> +  if (((Inf & 0x80) =3D=3D 0x00) && (Asn1Tag !=3D V_ASN1_SEQUENCE)) {
>      return FALSE;
>    }
>=20
> @@ -848,7 +849,7 @@ X509GetTBSCert (
>    //
>    // Verify the parsed TBSCertificate is one correct SEQUENCE data.
>    //
> -  if (Asn1Tag !=3D V_ASN1_SEQUENCE) {
> +  if (((Inf & 0x80) =3D=3D 0x00) && (Asn1Tag !=3D V_ASN1_SEQUENCE)) {
>      return FALSE;
>    }
>=20
> @@ -1888,18 +1889,20 @@ Asn1GetTag (
>    IN     UINT32   Tag
>    )
>  {
> -  UINT8  *PtrOld;
> -  INT32  ObjTag;
> -  INT32  ObjCls;
> -  long   ObjLength;
> +  UINT8   *PtrOld;
> +  INT32   ObjTag;
> +  INT32   ObjCls;
> +  long    ObjLength;
> +  UINT32  Inf;
>=20
>    //
>    // Save Ptr position
>    //
>    PtrOld =3D *Ptr;
>=20
> -  ASN1_get_object ((CONST UINT8 **)Ptr, &ObjLength, &ObjTag, &ObjCls,
> (INT32)(End - (*Ptr)));
> -  if ((ObjTag =3D=3D (INT32)(Tag & CRYPTO_ASN1_TAG_VALUE_MASK)) &&
> +  Inf =3D ASN1_get_object ((CONST UINT8 **)Ptr, &ObjLength, &ObjTag,
> &ObjCls, (INT32)(End - (*Ptr)));
> +  if (((Inf & 0x80) =3D=3D 0x00) &&
> +      (ObjTag =3D=3D (INT32)(Tag & CRYPTO_ASN1_TAG_VALUE_MASK)) &&
>        (ObjCls =3D=3D (INT32)(Tag & CRYPTO_ASN1_TAG_CLASS_MASK)))
>    {
>      *Length =3D (UINTN)ObjLength;
> --
> 2.28.0.windows.1