Re: [edk2] [patch] CryptoPkg: Fix the dereferenced pointer issue

Mon, 29 Jun 2015 19:09:07 -0700 

Looks good.
Reviewed-by: Ye Ting <ting...@intel.com> 

-----Original Message-----
From: Long, Qin 
Sent: Tuesday, June 30, 2015 9:10 AM
To: Ye, Ting; edk2-devel@lists.sourceforge.net
Subject: [patch] CryptoPkg: Fix the dereferenced pointer issue

This patch is to fix one dereferenced pointer issue in new
Pkcs7GetAttachedContent API, and add the memory allocation
failure check.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Qin Long <qin.l...@intel.com>
---
 CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7Verify.c | 14 +++++++++-----
 1 file changed, 9 insertions(+), 5 deletions(-)

diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7Verify.c 
b/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7Verify.c
index b8cfa42..d0b0c83 100644
--- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7Verify.c
+++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7Verify.c
@@ -719,11 +719,6 @@ Pkcs7GetAttachedContent (
   CONST UINT8        *Temp;
   ASN1_OCTET_STRING  *OctStr;
 
-  *Content   = NULL;
-  Pkcs7      = NULL;
-  SignedData = NULL;
-  OctStr     = NULL;
-
   //
   // Check input parameter.
   //
@@ -731,6 +726,11 @@ Pkcs7GetAttachedContent (
     return FALSE;
   }
 
+  *Content   = NULL;
+  Pkcs7      = NULL;
+  SignedData = NULL;
+  OctStr     = NULL;
+
   Status = WrapPkcs7Data (P7Data, P7Length, &Wrapped, &SignedData, 
&SignedDataSize);
   if (!Status || (SignedDataSize > INT_MAX)) {
     goto _Exit;
@@ -771,6 +771,10 @@ Pkcs7GetAttachedContent (
     if ((OctStr->length > 0) && (OctStr->data != NULL)) {
       *ContentSize = OctStr->length;
       *Content     = malloc (*ContentSize);
+      if (*Content == NULL) {
+        *ContentSize = 0;
+        goto _Exit;
+      }
       CopyMem (*Content, OctStr->data, *ContentSize);
     }
   }
-- 
1.9.5.msysgit.1


------------------------------------------------------------------------------
Don't Limit Your Business. Reach for the Cloud.
GigeNET's Cloud Solutions provide you with the tools and support that
you need to offload your IT needs and focus on growing your business.
Configured For All Businesses. Start Your Cloud Today.
https://www.gigenetcloud.com/
_______________________________________________
edk2-devel mailing list
edk2-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/edk2-devel

Reply via email to