authorDandan Bi <dandan.bi@intel.com>2019-05-06 16:43:34 +0800
committermergify[bot] <37929162+mergify[bot]@users.noreply.github.com>2020-02-14 08:18:47 +0000
commitf1d78c489a39971b5aac5d2fc8a39bfa925c3c5d (patch)
treec5356819d3f381420e0e3dd96e5edae87a52b82f
parent764e8ba1389a617639d79d2c4f0d53f4ea4a7387 (diff)
MdeModulePkg/DisplayEngine: Zero memory before free (CVE-2019-14558)
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1611 Cc: Liming Gao <liming.gao@intel.com> Cc: Eric Dong <eric.dong@intel.com> Cc: Jian J Wang <jian.j.wang@intel.com> Signed-off-by: Dandan Bi <dandan.bi@intel.com> Reviewed-by: Eric Dong <eric.dong@intel.com> Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
-rw-r--r--MdeModulePkg/Universal/DisplayEngineDxe/ProcessOptions.c8
1 files changed, 6 insertions, 2 deletions
diff --git a/MdeModulePkg/Universal/DisplayEngineDxe/ProcessOptions.c b/MdeModulePkg/Universal/DisplayEngineDxe/ProcessOptions.c
index 7d9486112b..e7306f6d04 100644
--- a/MdeModulePkg/Universal/DisplayEngineDxe/ProcessOptions.c
+++ b/MdeModulePkg/Universal/DisplayEngineDxe/ProcessOptions.c
@@ -2,7 +2,7 @@
Implementation for handling the User Interface option processing.
-Copyright (c) 2004 - 2018, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2004 - 2020, Intel Corporation. All rights reserved.<BR>
SPDX-License-Identifier: BSD-2-Clause-Patent
**/
@@ -823,6 +823,7 @@ PasswordProcess (
//
Status = ReadString (MenuOption, gPromptForPassword, StringPtr);
if (EFI_ERROR (Status)) {
+ ZeroMem (StringPtr, (Maximum + 1) * sizeof (CHAR16));
FreePool (StringPtr);
return Status;
}
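Review bot: The scrub length `(Maximum + 1) * sizeof (CHAR16)` is written out separately at every ZeroMem call, here and in the hunks at -840, -856 and -871, and it is only correct as long as it equals the size StringPtr and TempString were allocated with, which is outside these hunks. Computing it once, for example `UINTN PasswordBufSize = (Maximum + 1) * sizeof (CHAR16);`, and using that value for both the allocation and each scrub would keep the two from drifting apart. PasswordProcess continues outside the hunks shown, so any other path that frees these buffers should be checked for the same ZeroMem; a single cleanup exit would make a missed path less likely.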
@@ -840,7 +841,7 @@ PasswordProcess (
} else {
Status = EFI_SUCCESS;
}
-
+ ZeroMem (StringPtr, (Maximum + 1) * sizeof (CHAR16));
FreePool (StringPtr);
return Status;
}
@@ -856,6 +857,7 @@ PasswordProcess (
// Reset state machine for password
//
Question->PasswordCheck (gFormData, Question, NULL);
+ ZeroMem (StringPtr, (Maximum + 1) * sizeof (CHAR16));
FreePool (StringPtr);
return Status;
}
@@ -871,6 +873,8 @@ PasswordProcess (
// Reset state machine for password
//
Question->PasswordCheck (gFormData, Question, NULL);
+ ZeroMem (StringPtr, (Maximum + 1) * sizeof (CHAR16));
+ ZeroMem (TempString, (Maximum + 1) * sizeof (CHAR16));
FreePool (StringPtr);
FreePool (TempString);
return Status;
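Review bot: Nothing at these call sites records why the buffers are cleared, so a later cleanup could drop the ZeroMem calls as redundant work before FreePool; this applies to the three calls in the earlier hunks as well. A one-line comment above each scrub, such as `// Clear the plaintext password before the buffer goes back to the pool.`, would document the intent. Because each store is immediately followed by a free, it is also worth confirming for link-time-optimized builds that the calls are not eliminated as dead stores; whether that can happen depends on the toolchain and how ZeroMem is linked, which this page does not show.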