On 2/6/20 3:19 PM, Wang, Jian J wrote:
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1608

Pointer HashCtx used in IsCertHashFoundInDatabase() is not freed inside
the while-loop, if it runs more than once.

By extracting part of the code from the big while() statement into a new function, IsCertHashFoundInDatabase() would be easier to review (and this mistake could have been avoided).


Cc: Jiewen Yao <jiewen....@intel.com>
Cc: Chao Zhang <chao.b.zh...@intel.com>
Signed-off-by: Jian J Wang <jian.j.w...@intel.com>
---
  .../Library/DxeImageVerificationLib/DxeImageVerificationLib.c  | 3 +++
  1 file changed, 3 insertions(+)

diff --git 
a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c 
b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c
index dbfbfcb4fb..74dbffa122 100644
--- a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c
+++ b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c
@@ -908,6 +908,9 @@ IsCertHashFoundInDatabase (
        goto Done;
      }
+ FreePool (HashCtx);
+    HashCtx = NULL;
+
      SiglistHeaderSize = sizeof (EFI_SIGNATURE_LIST) + 
DbxList->SignatureHeaderSize;
      CertHash          = (EFI_SIGNATURE_DATA *) ((UINT8 *) DbxList + 
SiglistHeaderSize);
      CertHashCount     = (DbxList->SignatureListSize - SiglistHeaderSize) / 
DbxList->SignatureSize;
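
Review bot: the added FreePool (HashCtx) sits after the `goto Done` error branch shown at the top of the hunk, so that branch still leaves the loop with HashCtx allocated and depends on the Done label to release it. The hunk does not show Done, so please confirm it frees a non-NULL HashCtx. Resetting `HashCtx = NULL;` right after the free is what keeps any such cleanup at Done from freeing the pointer a second time once the loop ends normally; a short comment to that effect would stop the assignment being dropped as redundant later. The commit message could also say where in the loop HashCtx is allocated, since that is what makes the leak appear only when the loop runs more than once.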


Reviewed-by: Philippe Mathieu-Daudé <phi...@redhat.com>

