On 02/24/16 18:12, Laszlo Ersek wrote:
>> #4 0x000000007fdf0917 in CRYPTO_free (str=0x0)
>> at CryptoPkg/Library/OpensslLib/openssl-1.0.2f/crypto/mem.c:442
>> #5 0x000000007fe20b47 in PKCS7_verify (p7=0x7ee6ff98, certs=0x0,
>> store=0x7ee62e58, indata=0x7ee62c18, out=0x0,
>> flags=128)
>> at CryptoPkg/Library/OpensslLib/openssl-1.0.2f/crypto/pkcs7/pk7_smime.c:415
These are the key stack frames. "pk7_smime.c:415" is an error handling
section at the end of PKCS7_verify():
 err:
    OPENSSL_free(buf);
    if (tmpin == indata) {
        if (indata)
            BIO_pop(p7bio);
    }
    BIO_free_all(p7bio);
    sk_X509_free(signers);
    return ret;
}
Now, in the edk2 build, OPENSSL_free() boils down to a FreePool().
However, *unlike* the free() function of the standard C library,
FreePool() does *not* handle a NULL argument transparently.
So we should look for jumps to the err label in PKCS7_verify() that
happen before "buf" is set to anything different from NULL. (It is
initialized to NULL at the top of the function.)
I can see 6 such goto instructions -- I'll try to instrument them with
DEBUG(), and see which one is taken. I'll report back if I succeed.
Thanks
Laszlo
_______________________________________________
edk2-devel mailing list
[email protected]
https://lists.01.org/mailman/listinfo/edk2-devel
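The failure mode described in the mail (an early "goto err" while "buf" is still NULL, followed by an unconditional OPENSSL_free(buf) that lands in a FreePool() which does not tolerate NULL) can be reproduced in plain C. The following is an added example, not code from the mail, OpenSSL or edk2: FreePoolStandIn() is a constructed stand-in that records a NULL argument instead of faulting, NullSafeFree() is a hypothetical wrapper with free()-like semantics, and verify_like() is a hypothetical mimic of PKCS7_verify()'s control flow, not the real function.

```c
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

/*
 * Constructed stand-in for edk2's FreePool(): like the real one it must not
 * be handed NULL. Instead of faulting we count the violation so that the
 * behaviour can be checked from a test.
 */
static int g_null_frees = 0;

static void FreePoolStandIn(void *Buffer)
{
    if (Buffer == NULL) {
        g_null_frees++;          /* a real FreePool() would fault here */
        return;
    }
    free(Buffer);
}

/* Hypothetical NULL-tolerant wrapper: gives free()-like semantics on top of
 * FreePoolStandIn(), which is what an OPENSSL_free() mapping would need. */
static void NullSafeFree(void *Buffer)
{
    if (Buffer != NULL) {
        FreePoolStandIn(Buffer);
    }
}

typedef void (*release_fn)(void *);

/*
 * Hypothetical mimic of the PKCS7_verify() shape discussed in the mail:
 * "buf" starts out NULL, an early check may jump to err: before buf is
 * allocated, and err: unconditionally releases buf.
 * Returns 1 on success, 0 on failure; *null_frees receives the number of
 * NULL pointers that reached the pool allocator.
 */
static int verify_like(int fail_before_alloc, release_fn release, int *null_frees)
{
    unsigned char *buf = NULL;   /* initialised to NULL, as in the original */
    int ret = 0;

    g_null_frees = 0;
    if (fail_before_alloc) {
        goto err;                /* one of the early "goto err" jumps */
    }
    buf = malloc(4096);
    if (buf == NULL) {
        goto err;
    }
    memset(buf, 0, 4096);
    ret = 1;
err:
    release(buf);                /* OPENSSL_free(buf) in the original */
    *null_frees = g_null_frees;
    return ret;
}

/* Early error with FreePool semantics: the NULL buf reaches the allocator. */
int early_error_with_raw_freepool(void)
{
    int n = 0;
    verify_like(1, FreePoolStandIn, &n);
    return n;                    /* 1: exactly the crash the backtrace shows */
}

/* Same early error behind the NULL-tolerant wrapper: nothing reaches the pool. */
int early_error_with_safe_free(void)
{
    int n = 0;
    verify_like(1, NullSafeFree, &n);
    return n;                    /* 0 */
}

/* The success path frees a real allocation and is fine either way. */
int success_path_with_raw_freepool(void)
{
    int n = 0;
    int r = verify_like(0, FreePoolStandIn, &n);
    return r == 1 && n == 0;
}
```

The point of the wrapper is that every early exit in a function written against free() semantics becomes safe at once, rather than having to audit each of the six goto sites individually.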