summaryrefslogtreecommitdiffstats
path: root/CryptoPkg
diff options
context:
space:
mode:
authorKun Qin <kun.q@outlook.com>2020-11-21 06:24:32 +0800
committermergify[bot] <37929162+mergify[bot]@users.noreply.github.com>2020-11-26 03:22:24 +0000
commit21f984cedec1c613218480bc3eb5e92349a7a812 (patch)
tree9a0c22453eca145dc2ba843cd81ea00c3d4dca8a /CryptoPkg
parente9d62effa37ea13fe04fc89b21d2de7776f183a2 (diff)
downloadedk2-21f984cedec1c613218480bc3eb5e92349a7a812.tar.gz
edk2-21f984cedec1c613218480bc3eb5e92349a7a812.tar.bz2
edk2-21f984cedec1c613218480bc3eb5e92349a7a812.zip
CryptoPkg: BaseCryptLib: Fix buffer double free in CryptPkcs7VerifyEku
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2459 SignerCert is part of Pkcs7 instance when both have valid content. OpenSLL PKCS7_free function will release the memory of SignerCert when applicable. Freeing SignerCert with X509_free again might cause page fault if use- after-free guard is enabled. Cc: Jian J Wang <jian.j.wang@intel.com> Cc: Xiaoyu Lu <xiaoyux.lu@intel.com> Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Guomin Jiang <guomin.jiang@intel.com> Signed-off-by: Kun Qin <kun.q@outlook.com> Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com>
Diffstat (limited to 'CryptoPkg')
-rw-r--r--CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyEku.c4
1 files changed, 0 insertions, 4 deletions
diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyEku.c b/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyEku.c
index c9fdb65b99..40cc39afe7 100644
--- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyEku.c
+++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyEku.c
@@ -508,10 +508,6 @@ Exit:
free (SignedData);
}
- if (SignerCert != NULL) {
- X509_free (SignerCert);
- }
-
if (Pkcs7 != NULL) {
PKCS7_free (Pkcs7);
}