Revision: 14641
http://sourceforge.net/p/edk2/code/14641
Author: vanjeff
Date: 2013-09-10 06:57:31 +0000 (Tue, 10 Sep 2013)
Log Message:
-----------
Sync patch r14528 from main trunk.
Enhance error handling code after calling BIO_new in BaseCryptLib.
Revision Links:
--------------
http://sourceforge.net/p/edk2/code/14528
Modified Paths:
--------------
branches/UDK2010.SR1/CryptoPkg/Library/BaseCryptLib/Pem/CryptPem.c
branches/UDK2010.SR1/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7Sign.c
branches/UDK2010.SR1/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7Verify.c
Modified: branches/UDK2010.SR1/CryptoPkg/Library/BaseCryptLib/Pem/CryptPem.c
===================================================================
--- branches/UDK2010.SR1/CryptoPkg/Library/BaseCryptLib/Pem/CryptPem.c
2013-09-10 06:23:06 UTC (rev 14640)
+++ branches/UDK2010.SR1/CryptoPkg/Library/BaseCryptLib/Pem/CryptPem.c
2013-09-10 06:57:31 UTC (rev 14641)
@@ -1,7 +1,7 @@
/** @file
PEM (Privacy Enhanced Mail) Format Handler Wrapper Implementation over
OpenSSL.
-Copyright (c) 2010 - 2012, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2010 - 2013, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD
License
which accompanies this distribution. The full text of the license may be
found at
@@ -109,11 +109,14 @@
// Read encrypted PEM Data.
//
PemBio = BIO_new (BIO_s_mem ());
- BIO_write (PemBio, PemData, (int) PemSize);
if (PemBio == NULL) {
goto _Exit;
}
+ if (BIO_write (PemBio, PemData, (int) PemSize) <= 0) {
+ goto _Exit;
+ }
+
//
// Retrieve RSA Private Key from encrypted PEM data.
//
Modified:
branches/UDK2010.SR1/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7Sign.c
===================================================================
--- branches/UDK2010.SR1/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7Sign.c
2013-09-10 06:23:06 UTC (rev 14640)
+++ branches/UDK2010.SR1/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7Sign.c
2013-09-10 06:57:31 UTC (rev 14641)
@@ -1,7 +1,7 @@
/** @file
PKCS#7 SignedData Sign Wrapper Implementation over OpenSSL.
-Copyright (c) 2009 - 2012, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2009 - 2013, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD
License
which accompanies this distribution. The full text of the license may be
found at
@@ -124,8 +124,14 @@
// Convert the data to be signed to BIO format.
//
DataBio = BIO_new (BIO_s_mem ());
- BIO_write (DataBio, InData, (int) InDataSize);
+ if (DataBio == NULL) {
+ goto _Exit;
+ }
+ if (BIO_write (DataBio, InData, (int) InDataSize) <= 0) {
+ goto _Exit;
+ }
+
//
// Create the PKCS#7 signedData structure.
//
@@ -155,6 +161,7 @@
Tmp = P7Data;
P7DataSize = i2d_PKCS7 (Pkcs7, (unsigned char **) &Tmp);
+ ASSERT (P7DataSize > 19);
//
// Strip ContentInfo to content only for signeddata. The data be trimmed off
Modified:
branches/UDK2010.SR1/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7Verify.c
===================================================================
--- branches/UDK2010.SR1/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7Verify.c
2013-09-10 06:23:06 UTC (rev 14640)
+++ branches/UDK2010.SR1/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7Verify.c
2013-09-10 06:57:31 UTC (rev 14641)
@@ -10,7 +10,7 @@
WrapPkcs7Data(), Pkcs7GetSigners(), Pkcs7Verify() will get UEFI Authenticated
Variable and will do basic check for data structure.
-Copyright (c) 2009 - 2012, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2009 - 2013, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD
License
which accompanies this distribution. The full text of the license may be
found at
@@ -640,8 +640,14 @@
// in PKCS#7 structure. So ignore NULL checking here.
//
DataBio = BIO_new (BIO_s_mem ());
- BIO_write (DataBio, InData, (int)DataLength);
+ if (DataBio == NULL) {
+ goto _Exit;
+ }
+ if (BIO_write (DataBio, InData, (int) DataLength) <= 0) {
+ goto _Exit;
+ }
+
//
// OpenSSL PKCS7 Verification by default checks for SMIME (email signing) and
// doesn't support the extended key usage for Authenticode Code Signing.
This was sent by the SourceForge.net collaborative development platform, the
world's largest Open Source development site.
------------------------------------------------------------------------------
How ServiceNow helps IT people transform IT departments:
1. Consolidate legacy IT systems to a single system of record for IT
2. Standardize and globalize service processes across IT
3. Implement zero-touch automation to replace manual, redundant tasks
http://pubads.g.doubleclick.net/gampad/clk?id=51271111&iu=/4140/ostg.clktrk
_______________________________________________
edk2-commits mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/edk2-commits
