From: "Yao, Jiewen"
To: "Li, Yi1", "devel@edk2.groups.io"
CC: "Wang, Jian J", "Lu, Xiaoyu1", "Jiang, Guomin"
Subject: Re: [edk2-devel] [PATCH 1/1] CryptoPkg: Fix pem heap-buffer-overflow due to BIO_snprintf()
Date: Sun, 25 Sep 2022 09:53:12 +0000

Thanks. The solution looks good.

I recommend adding more comments below:

// Because the function does not actually print anything to buf, it returns -1 as error.
// Otherwise, the consumer may think that the buf is valid and parse the buffer.

With comment change, reviewed-by: Jiewen Yao

> -----Original Message-----
> From: Li, Yi1
> Sent: Sunday, September 25, 2022 5:40 PM
> To: devel@edk2.groups.io; Li, Yi1; Yao, Jiewen
> Cc: Wang, Jian J; Lu, Xiaoyu1; Jiang, Guomin
> Subject: RE: [edk2-devel] [PATCH 1/1] CryptoPkg: Fix pem heap-buffer-overflow
> due to BIO_snprintf()
>
> Hi Jiewen,
> Can you take a look at this patch?
> WPA3 Tls API fuzzing is blocked because of same pem API.
>
> Thanks,
> Yi
>
> -----Original Message-----
> From: devel@edk2.groups.io On Behalf Of yi1 li
> Sent: Thursday, September 22, 2022 8:53 PM
> To: devel@edk2.groups.io
> Cc: Li, Yi1; Yao, Jiewen; Wang, Jian J; Lu, Xiaoyu1; Jiang, Guomin
> Subject: [edk2-devel] [PATCH 1/1] CryptoPkg: Fix pem heap-buffer-overflow
> due to BIO_snprintf()
>
> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4075
>
> Fake BIO_snprintf() needs to return error status -1. 0 will be considered a
> correct return value, this may cause crash, please refer to bugzilla link for
> details.
>
> Signed-off-by: Yi Li
>
> Cc: Jiewen Yao
> Cc: Jian J Wang
> Cc: Xiaoyu Lu
> Cc: Guomin Jiang
> ---
> CryptoPkg/Library/BaseCryptLib/SysCall/CrtWrapper.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/CryptoPkg/Library/BaseCryptLib/SysCall/CrtWrapper.c
> b/CryptoPkg/Library/BaseCryptLib/SysCall/CrtWrapper.c
> index c1fc33538f..d7d8c206ed 100644
> --- a/CryptoPkg/Library/BaseCryptLib/SysCall/CrtWrapper.c
> +++ b/CryptoPkg/Library/BaseCryptLib/SysCall/CrtWrapper.c
> @@ -494,7 +494,7 @@ BIO_snprintf (
> ...
> )
> {
> - return 0;
> + return -1;
> }
>
> #ifdef __GNUC__
> --
> 2.31.1.windows.1
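
Review bot: the new `return -1;` in BIO_snprintf() carries no comment saying why a stub that formats nothing has to report failure, so a later cleanup could easily turn it back into 0. Add a comment above the return stating that nothing is written to buf and that a non-negative result would let the caller treat the untouched buffer as a valid string. The visible context also shows no write to buf before returning; if the buffer and size parameters are in scope there, storing a NUL in the first byte when the size is nonzero would also cover callers that ignore the return value.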
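
The failure mode described in the commit message, as an added example that is not code from this thread, edk2 or OpenSSL: a formatter stub that writes nothing, and a consumer that trusts any non-negative return. The names `stub_snprintf`, `consume` and the 16-byte buffer are assumptions made for the illustration; the buffer is pre-filled with 0xAA to model stale heap contents deterministically.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define BUF_LEN 16  /* constructed size for the demonstration */

enum outcome { REJECTED, PARSED_OK, WOULD_OVERRUN };

/* Hypothetical stand-in for a stubbed formatter: it never touches buf
 * and simply returns the status it is told to return. */
static int stub_snprintf(char *buf, size_t n, int ret)
{
    (void)buf;
    (void)n;
    return ret;
}

/* Hypothetical consumer following the snprintf contract: a negative
 * return is an error, anything else means buf holds a C string. */
static enum outcome consume(int stub_ret)
{
    enum outcome result;
    char *buf = malloc(BUF_LEN);

    if (buf == NULL)
        return REJECTED;
    memset(buf, 0xAA, BUF_LEN);  /* stale heap bytes, no NUL anywhere */

    if (stub_snprintf(buf, BUF_LEN, stub_ret) < 0) {
        result = REJECTED;       /* caller stops, buffer never parsed */
    } else if (memchr(buf, '\0', BUF_LEN) == NULL) {
        /* A real caller would run strlen(buf) here and read past the
         * end of the allocation; the bounded scan only detects that. */
        result = WOULD_OVERRUN;
    } else {
        result = PARSED_OK;
    }
    free(buf);
    return result;
}

int main(void)
{
    printf("stub returns  0 -> outcome %d\n", consume(0));
    printf("stub returns -1 -> outcome %d\n", consume(-1));
    return 0;
}
```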