Revision: 14528
http://sourceforge.net/p/edk2/code/14528
Author: tye1
Date: 2013-08-07 08:11:14 +0000 (Wed, 07 Aug 2013)
Log Message:
-----------
Enhance error handling code after calling BIO_new in BaseCryptLib.
Signed-off-by: Ye Ting <[email protected]>
Reviewed-by: Long Qin <[email protected]>
Modified Paths:
--------------
trunk/edk2/CryptoPkg/Library/BaseCryptLib/Pem/CryptPem.c
trunk/edk2/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7Sign.c
trunk/edk2/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7Verify.c
Modified: trunk/edk2/CryptoPkg/Library/BaseCryptLib/Pem/CryptPem.c
===================================================================
--- trunk/edk2/CryptoPkg/Library/BaseCryptLib/Pem/CryptPem.c 2013-08-06
17:41:53 UTC (rev 14527)
+++ trunk/edk2/CryptoPkg/Library/BaseCryptLib/Pem/CryptPem.c 2013-08-07
08:11:14 UTC (rev 14528)
@@ -1,7 +1,7 @@
/** @file
PEM (Privacy Enhanced Mail) Format Handler Wrapper Implementation over
OpenSSL.
-Copyright (c) 2010 - 2012, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2010 - 2013, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD
License
which accompanies this distribution. The full text of the license may be
found at
@@ -109,11 +109,14 @@
// Read encrypted PEM Data.
//
PemBio = BIO_new (BIO_s_mem ());
- BIO_write (PemBio, PemData, (int) PemSize);
if (PemBio == NULL) {
goto _Exit;
}
+ if (BIO_write (PemBio, PemData, (int) PemSize) <= 0) {
+ goto _Exit;
+ }
+
//
// Retrieve RSA Private Key from encrypted PEM data.
//
Modified: trunk/edk2/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7Sign.c
===================================================================
--- trunk/edk2/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7Sign.c
2013-08-06 17:41:53 UTC (rev 14527)
+++ trunk/edk2/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7Sign.c
2013-08-07 08:11:14 UTC (rev 14528)
@@ -1,7 +1,7 @@
/** @file
PKCS#7 SignedData Sign Wrapper Implementation over OpenSSL.
-Copyright (c) 2009 - 2012, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2009 - 2013, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD
License
which accompanies this distribution. The full text of the license may be
found at
@@ -124,8 +124,14 @@
// Convert the data to be signed to BIO format.
//
DataBio = BIO_new (BIO_s_mem ());
- BIO_write (DataBio, InData, (int) InDataSize);
+ if (DataBio == NULL) {
+ goto _Exit;
+ }
+ if (BIO_write (DataBio, InData, (int) InDataSize) <= 0) {
+ goto _Exit;
+ }
+
//
// Create the PKCS#7 signedData structure.
//
@@ -155,6 +161,7 @@
Tmp = P7Data;
P7DataSize = i2d_PKCS7 (Pkcs7, (unsigned char **) &Tmp);
+ ASSERT (P7DataSize > 19);
//
// Strip ContentInfo to content only for signeddata. The data be trimmed off
Modified: trunk/edk2/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7Verify.c
===================================================================
--- trunk/edk2/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7Verify.c
2013-08-06 17:41:53 UTC (rev 14527)
+++ trunk/edk2/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7Verify.c
2013-08-07 08:11:14 UTC (rev 14528)
@@ -10,7 +10,7 @@
WrapPkcs7Data(), Pkcs7GetSigners(), Pkcs7Verify() will get UEFI Authenticated
Variable and will do basic check for data structure.
-Copyright (c) 2009 - 2012, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2009 - 2013, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD
License
which accompanies this distribution. The full text of the license may be
found at
@@ -640,8 +640,14 @@
// in PKCS#7 structure. So ignore NULL checking here.
//
DataBio = BIO_new (BIO_s_mem ());
- BIO_write (DataBio, InData, (int)DataLength);
+ if (DataBio == NULL) {
+ goto _Exit;
+ }
+ if (BIO_write (DataBio, InData, (int) DataLength) <= 0) {
+ goto _Exit;
+ }
+
//
// OpenSSL PKCS7 Verification by default checks for SMIME (email signing) and
// doesn't support the extended key usage for Authenticode Code Signing.
This was sent by the SourceForge.net collaborative development platform, the
world's largest Open Source development site.
------------------------------------------------------------------------------
Get 100% visibility into Java/.NET code with AppDynamics Lite!
It's a free troubleshooting tool designed for production.
Get down to code-level detail for bottlenecks, with <2% overhead.
Download for free and get started troubleshooting in minutes.
http://pubads.g.doubleclick.net/gampad/clk?id=48897031&iu=/4140/ostg.clktrk
_______________________________________________
edk2-commits mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/edk2-commits
