CryptoPkg/BaseCryptLib: Add NULL pointer checks in DH and P7Verify

Add more NULL pointer checks before using them in DhGenerateKey and
Pkcs7GetCertificatesList functions to eliminate possible dereferenced
pointer issue.

Cc: Ting Ye <ting.ye@intel.com>
Cc: Hao Wu <hao.a.wu@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Qin Long <qin.long@intel.com>
Reviewed-by: Hao Wu <hao.a.wu@intel.com>
Reviewed-by: Ting Ye <ting.ye@intel.com>

2 files changed, 10 insertions, 4 deletions

diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptDh.c b/CryptoPkg/Library/BaseCryptLib/Pk/CryptDh.c
index f44684f907..391efd5c14 100644
--- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptDh.c
+++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptDh.c
@@ -232,7 +232,9 @@ DhGenerateKey (
       return FALSE;

     }

 

-    BN_bn2bin (DhPubKey, PublicKey);

+    if (PublicKey != NULL) {

+      BN_bn2bin (DhPubKey, PublicKey);

+    }

     *PublicKeySize = Size;

   }

 

diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7Verify.c b/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7Verify.c
index 45d5df5e11..d564591cb7 100644
--- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7Verify.c
+++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7Verify.c
@@ -558,7 +558,9 @@ Pkcs7GetCertificatesList (
     }

   }

   CtxUntrusted = X509_STORE_CTX_get0_untrusted (CertCtx);

-  (VOID)sk_X509_delete_ptr (CtxUntrusted, Signer);

+  if (CtxUntrusted != NULL) {

+    (VOID)sk_X509_delete_ptr (CtxUntrusted, Signer);

+  }

 

   //

   // Build certificates stack chained from Signer's certificate.

@@ -711,8 +713,10 @@ _Error:
   }

   sk_X509_free (Signers);

 

-  X509_STORE_CTX_cleanup (CertCtx);

-  X509_STORE_CTX_free (CertCtx);

+  if (CertCtx != NULL) {

+    X509_STORE_CTX_cleanup (CertCtx);

+    X509_STORE_CTX_free (CertCtx);

+  }

 

   if (SingleCert != NULL) {

     free (SingleCert);