From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from NAM11-DM6-obe.outbound.protection.outlook.com (NAM11-DM6-obe.outbound.protection.outlook.com [40.92.19.109]) by mx.groups.io with SMTP id smtpd.web11.16575.1606023821265592085 for ; Sat, 21 Nov 2020 21:43:41 -0800 Authentication-Results: mx.groups.io; dkim=fail reason="body hash did not verify" header.i=@outlook.com header.s=selector1 header.b=iX9lL2kT; spf=pass (domain: outlook.com, ip: 40.92.19.109, mailfrom: kun.q@outlook.com) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=Hhi8HrYKbg0E9Ghs/++d7L6viSQGQ+r90qJ76OeQIcad3o+GImeVi3J3kNZ+K7/EcD5NNMpyV/Xe1Bl/ZCcMKJhqHl2NEnlYTiKEkHxQjyvp+4DBBzSe1JfFltHB3hwx2VllzL/H7lZnRqTjLI5JBdk++KTQvPyAQPRCafuycPkg8wxhis2M8Su/pL0kl2wqoeV0c5mP7Xam2xL0T4TFItoRcYfi39juntNHvxk3UkLh5zMoXp5fq2OuSW2ULEDmREAIIFn80OK46K8QBQ4nUImK0MSbTo+fw+qUv1BSNwlb7EjG0ob48qjObg0pfaaRnG5uPXAYxzqY9scGE4IrBg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=7lnGwpzncI8jQPbKK1MH+UHYNNE8e/mDLdkXkiL4NA4=; b=Lx88GK+HNVjo9GDH4xre9RVMIvN3Lf698AkwRMQ6VHgu1WNH3bLmdiB/2839JXwXm2zHSzUqz6dWwi7XTSX4pVI6l2/NOlvlC2CRXofQgha6s5CnwZLIIr2/PBbhD+C9fksbTSjHKszAeEqJLldZWxQef2XHEu5VCLVj94/OxDpdTwn+UdFaVydC/turo3fObsWvjleyDn/0ZKny+gumrNp3qS3uug+xs8fxjX2+lCBRGOUMK1cPqMZjmGFek1+TkFmyInaaFcvaLkn5J7BwlGjM+i3A7yulPwEEtZ+uWQ3vUcLKFnZ4dDSjkseeHyXv3VbI2MoQkWVqCmck2I3HBA== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=none; dmarc=none; dkim=none; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=outlook.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=7lnGwpzncI8jQPbKK1MH+UHYNNE8e/mDLdkXkiL4NA4=; b=iX9lL2kTrPo1y0Kv0ucVKkjhbTC3AORuEh57O7dv9BYTqdNtAZjsuIvKBm5Lu3JIh2J/1qcHrwZtFjY8IA98KpeEh7D9Yz5hVfXBrzerAG3X5EadVtSuin8N/polaPbHg8e5/RzfEZWY7Ft/RcfgqUGbvoVug6I6JwLBo4wEgNwHe4PNyTwxuCxipmjTZHAlYXxrrmOMIJQCAeKQxTcs78X8WodHSYV2CEeNVjRMBJgUbe3C+MYUOW9tdXIZxOapybaCSB+bYYcT1+bZo42pdHidfIRe3oxa22q5gkV7/VCftoeYrGdIqMxfwgCq3DHSeQRVsnDafZACt0N7ntE08A== Received: from BN8NAM11FT037.eop-nam11.prod.protection.outlook.com (2a01:111:e400:fc4b::45) by BN8NAM11HT110.eop-nam11.prod.protection.outlook.com (2a01:111:e400:fc4b::172) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3589.22; Sun, 22 Nov 2020 05:43:40 +0000 Received: from MWHPR06MB3102.namprd06.prod.outlook.com (2a01:111:e400:fc4b::51) by BN8NAM11FT037.mail.protection.outlook.com (2a01:111:e400:fc4b::438) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3589.22 via Frontend Transport; Sun, 22 Nov 2020 05:43:40 +0000 X-IncomingTopHeaderMarker: OriginalChecksum:7B4578C26F4A1F96723A755529BFA6F0DE199F879F43F8A92442B298A9FD749C;UpperCasedChecksum:B3E74A6508E0B97F2E59A46B75DC13504DB2632BA57E29BDF1D1E94957F84FB7;SizeAsReceived:7533;Count:47 Received: from MWHPR06MB3102.namprd06.prod.outlook.com ([fe80::2814:c86b:7446:74e1]) by MWHPR06MB3102.namprd06.prod.outlook.com ([fe80::2814:c86b:7446:74e1%3]) with mapi id 15.20.3499.035; Sun, 22 Nov 2020 05:43:40 +0000 From: Kun Qin To: devel@edk2.groups.io CC: Jian J Wang , Xiaoyu Lu , Jiewen Yao , Guomin Jiang , Jiewen Yao Subject: [PATCH v2 1/1] CryptoPkg: BaseCryptLib: Fix buffer double free in CryptPkcs7VerifyEku Date: Sat, 21 Nov 2020 21:43:23 -0800 Message-ID: X-Mailer: git-send-email 2.28.0.windows.1 In-Reply-To: <20201122054323.876-1-kun.q@outlook.com> References: <20201122054323.876-1-kun.q@outlook.com> X-TMN: [jDuyla8+nHxeDb4dGhzmctJZDv2aWKLv] X-ClientProxiedBy: MWHPR13CA0007.namprd13.prod.outlook.com (2603:10b6:300:16::17) To MWHPR06MB3102.namprd06.prod.outlook.com (2603:10b6:301:3e::35) Return-Path: kun.q@outlook.com X-Microsoft-Original-Message-ID: <20201122054323.876-2-kun.q@outlook.com> MIME-Version: 1.0 X-MS-Exchange-MessageSentRepresentingType: 1 Received: from localhost.localdomain (73.239.241.211) by MWHPR13CA0007.namprd13.prod.outlook.com (2603:10b6:300:16::17) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3611.12 via Frontend Transport; Sun, 22 Nov 2020 05:43:39 +0000 X-MS-PublicTrafficType: Email X-IncomingHeaderCount: 47 X-EOPAttributedMessage: 0 X-MS-Office365-Filtering-Correlation-Id: 40d87df0-f16a-4dd5-bad4-08d88ea99064 X-MS-TrafficTypeDiagnostic: BN8NAM11HT110: X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: fue4VqhiPEDlGOg8fiFZPod9EZoVE+NOQeZmbb1uWDULQPV1prnjhWIRRRyPRxWiwpiVtOzUfxqjqPsVUGl4+5iRfZdC7pj60zRNoeuns9XoQQWW8QmF3lHO/1etmlVfDGli3O11WWwmmuSSIUZFgvpgzuDLfSlr7r4tW975FugKhEwx4+UBTfxsIyzbMhRaRsEwMAyEolGAvkOuVxMGQChE8TsR8RuVoRnwpjcCJpL/XS+B2tIoa9p30+jjxTpZ X-MS-Exchange-AntiSpam-MessageData: asq8hYK2HbcZvnUtAGzrmTLb3ANLa/gZ/yd8JxpVO3Msa1ZfxqDP+HIPesK28EOWPBaEpVwJdIPFstECU5IPVdr/QD6yhbx9e8Gv39+7p4bCLWmg3sEyG3F0c93w0TMZE2w3/wGOf1kom3rMEWPTdw== X-OriginatorOrg: outlook.com X-MS-Exchange-CrossTenant-Network-Message-Id: 40d87df0-f16a-4dd5-bad4-08d88ea99064 X-MS-Exchange-CrossTenant-OriginalArrivalTime: 22 Nov 2020 05:43:39.9231 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 84df9e7f-e9f6-40af-b435-aaaaaaaaaaaa X-MS-Exchange-CrossTenant-AuthSource: BN8NAM11FT037.eop-nam11.prod.protection.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: Internet X-MS-Exchange-CrossTenant-RMS-PersistedConsumerOrg: 00000000-0000-0000-0000-000000000000 X-MS-Exchange-Transport-CrossTenantHeadersStamped: BN8NAM11HT110 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3D2459 SignerCert is part of Pkcs7 instance when both have valid content. OpenSLL PKCS7_free function will release the memory of SignerCert when applicable. Freeing SignerCert with X509_free again might cause page fault if use- after-free guard is enabled. Cc: Jian J Wang Cc: Xiaoyu Lu Cc: Jiewen Yao Cc: Guomin Jiang Signed-off-by: Kun Qin Reviewed-by: Jiewen Yao --- Notes: v2: - Git configuration update [Laszlo] - Adding review tag [Jiewen] CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyEku.c | 4 ---- 1 file changed, 4 deletions(-) diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyEku.c b/Cryp= toPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyEku.c index c9fdb65b99d1..40cc39afe7dd 100644 --- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyEku.c +++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyEku.c @@ -508,10 +508,6 @@ VerifyEKUsInPkcs7Signature ( free (SignedData); } =20 - if (SignerCert !=3D NULL) { - X509_free (SignerCert); - } - if (Pkcs7 !=3D NULL) { PKCS7_free (Pkcs7); } --=20 2.29.1.windows.1