[tianocore/edk2] 0e7aa6: CryptoPkg: Fix pem heap-buffer-overflow due to BIO...

Yi Li via edk2-commits Sun, 25 Sep 2022 18:40:27 -0700

  Branch: refs/heads/master
  Home:   https://github.com/tianocore/edk2
  Commit: 0e7aa6bf9e0a7a91136353a3d6fe6a90d2047fc0
      
https://github.com/tianocore/edk2/commit/0e7aa6bf9e0a7a91136353a3d6fe6a90d2047fc0
  Author: Yi Li <yi1...@intel.com>
  Date:   2022-09-26 (Mon, 26 Sep 2022)


  Changed paths:
    M CryptoPkg/Library/BaseCryptLib/SysCall/CrtWrapper.c

  Log Message:
  -----------
  CryptoPkg: Fix pem heap-buffer-overflow due to BIO_snprintf()

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4075

Fake BIO_snprintf() does not actually print anything to buf,
it should return -1 as error.
0 will be considered a correct return value, the consumer may think that
the buf is valid and parse the buffer.
please refer to bugzilla link for details.

Cc: Jiewen Yao <jiewen....@intel.com>
Cc: Jian J Wang <jian.j.w...@intel.com>
Cc: Xiaoyu Lu <xiaoyu1...@intel.com>
Cc: Guomin Jiang <guomin.ji...@intel.com>

Signed-off-by: Yi Li <yi1...@intel.com>
Reviewed-by: Jiewen Yao <jiewen....@intel.com>




_______________________________________________
edk2-commits mailing list
edk2-commits@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/edk2-commits

[tianocore/edk2] 0e7aa6: CryptoPkg: Fix pem heap-buffer-overflow due to BIO...

Reply via email to