SecurityPkg/DxeImageVerificationLib: plug Data leak in IsForbiddenByDbx() (CVE-2019-14575) - edk2 - Cross-platform firmware development environment

diff options

author	Laszlo Ersek <lersek@redhat.com>	2019-09-25 13:41:57 +0200
committer	mergify[bot] <37929162+mergify[bot]@users.noreply.github.com>	2020-02-19 14:08:23 +0000
commit	cb30c8f25162e6d8142c6b098f14c1e4e7f125ce (patch)
tree	05d025cca7a49692988744fdfdb6a4e197c94ed9 /BaseTools/Source/Python/Ecc
parent	5cd8be6079ea7e5638903b2f3da0f4c10ec7f1da (diff)
download	edk2-cb30c8f25162e6d8142c6b098f14c1e4e7f125ce.tar.gz edk2-cb30c8f25162e6d8142c6b098f14c1e4e7f125ce.tar.bz2 edk2-cb30c8f25162e6d8142c6b098f14c1e4e7f125ce.zip

SecurityPkg/DxeImageVerificationLib: plug Data leak in IsForbiddenByDbx() (CVE-2019-14575)

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1608 If the second GetVariable() call for "dbx" fails, in IsForbiddenByDbx(), we have to free Data. Jump to "Done" for that. Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Chao Zhang <chao.b.zhang@intel.com> Signed-off-by: Laszlo Ersek <lersek@redhat.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>

Diffstat (limited to 'BaseTools/Source/Python/Ecc')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: