[PATCH V2 1/1] CryptoPkg: Fix pem heap-buffer-overflow due to BIO

public inbox for devel@edk2.groups.io
 help / color / mirror / Atom feed

* [PATCH V2 1/1] CryptoPkg: Fix pem heap-buffer-overflow due to BIO_snprintf()
       [not found] <cover.1664121031.git.yi1.li@intel.com>
@ 2022-09-26  0:24 ` yi1 li
  2022-09-26  1:45   ` Yao, Jiewen
  0 siblings, 1 reply; 2+ messages in thread
From: yi1 li @ 2022-09-26  0:24 UTC (permalink / raw)
  To: devel; +Cc: Yi Li, Jiewen Yao, Jian J Wang, Xiaoyu Lu, Guomin Jiang,
	Jiewen Yao

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4075

Fake BIO_snprintf() does not actually print anything to buf,
it should return -1 as error.
0 will be considered a correct return value, the consumer may think that
the buf is valid and parse the buffer.
please refer to bugzilla link for details.

Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Xiaoyu Lu <xiaoyu1.lu@intel.com>
Cc: Guomin Jiang <guomin.jiang@intel.com>

Signed-off-by: Yi Li <yi1.li@intel.com>
reviewed-by: Jiewen Yao <Jiewen.yao@intel.com>
---
 CryptoPkg/Library/BaseCryptLib/SysCall/CrtWrapper.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/CryptoPkg/Library/BaseCryptLib/SysCall/CrtWrapper.c b/CryptoPkg/Library/BaseCryptLib/SysCall/CrtWrapper.c
index c1fc33538f..b65d29485b 100644
--- a/CryptoPkg/Library/BaseCryptLib/SysCall/CrtWrapper.c
+++ b/CryptoPkg/Library/BaseCryptLib/SysCall/CrtWrapper.c
@@ -494,7 +494,9 @@ BIO_snprintf (
   ...
   )
 {
-  return 0;
+  // Because the function does not actually print anything to buf, it returns -1 as error.
+  // Otherwise, the consumer may think that the buf is valid and parse the buffer.
+  return -1;
 }
 
 #ifdef __GNUC__
-- 
2.31.1.windows.1


^ permalink raw reply related	[flat|nested] 2+ messages in thread

* Re: [PATCH V2 1/1] CryptoPkg: Fix pem heap-buffer-overflow due to BIO_snprintf()
  2022-09-26  0:24 ` [PATCH V2 1/1] CryptoPkg: Fix pem heap-buffer-overflow due to BIO_snprintf() yi1 li
@ 2022-09-26  1:45   ` Yao, Jiewen
  0 siblings, 0 replies; 2+ messages in thread
From: Yao, Jiewen @ 2022-09-26  1:45 UTC (permalink / raw)
  To: Li, Yi1, devel@edk2.groups.io; +Cc: Wang, Jian J, Lu, Xiaoyu1, Jiang, Guomin

Merged https://github.com/tianocore/edk2/pull/3401

> -----Original Message-----
> From: Li, Yi1 <yi1.li@intel.com>
> Sent: Monday, September 26, 2022 8:25 AM
> To: devel@edk2.groups.io
> Cc: Li, Yi1 <yi1.li@intel.com>; Yao, Jiewen <jiewen.yao@intel.com>; Wang,
> Jian J <jian.j.wang@intel.com>; Lu, Xiaoyu1 <xiaoyu1.lu@intel.com>; Jiang,
> Guomin <guomin.jiang@intel.com>; Yao, Jiewen <jiewen.yao@intel.com>
> Subject: [PATCH V2 1/1] CryptoPkg: Fix pem heap-buffer-overflow due to
> BIO_snprintf()
> 
> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4075
> 
> Fake BIO_snprintf() does not actually print anything to buf,
> it should return -1 as error.
> 0 will be considered a correct return value, the consumer may think that
> the buf is valid and parse the buffer.
> please refer to bugzilla link for details.
> 
> Cc: Jiewen Yao <jiewen.yao@intel.com>
> Cc: Jian J Wang <jian.j.wang@intel.com>
> Cc: Xiaoyu Lu <xiaoyu1.lu@intel.com>
> Cc: Guomin Jiang <guomin.jiang@intel.com>
> 
> Signed-off-by: Yi Li <yi1.li@intel.com>
> reviewed-by: Jiewen Yao <Jiewen.yao@intel.com>
> ---
>  CryptoPkg/Library/BaseCryptLib/SysCall/CrtWrapper.c | 4 +++-
>  1 file changed, 3 insertions(+), 1 deletion(-)
> 
> diff --git a/CryptoPkg/Library/BaseCryptLib/SysCall/CrtWrapper.c
> b/CryptoPkg/Library/BaseCryptLib/SysCall/CrtWrapper.c
> index c1fc33538f..b65d29485b 100644
> --- a/CryptoPkg/Library/BaseCryptLib/SysCall/CrtWrapper.c
> +++ b/CryptoPkg/Library/BaseCryptLib/SysCall/CrtWrapper.c
> @@ -494,7 +494,9 @@ BIO_snprintf (
>    ...
>    )
>  {
> -  return 0;
> +  // Because the function does not actually print anything to buf, it returns
> -1 as error.
> +  // Otherwise, the consumer may think that the buf is valid and parse the
> buffer.
> +  return -1;
>  }
> 
>  #ifdef __GNUC__
> --
> 2.31.1.windows.1


^ permalink raw reply	[flat|nested] 2+ messages in thread

end of thread, other threads:[~2022-09-26  1:45 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
     [not found] <cover.1664121031.git.yi1.li@intel.com>
2022-09-26  0:24 ` [PATCH V2 1/1] CryptoPkg: Fix pem heap-buffer-overflow due to BIO_snprintf() yi1 li
2022-09-26  1:45   ` Yao, Jiewen

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox