diff options
author | Kun Qin <kun.q@outlook.com> | 2020-11-21 06:24:32 +0800 |
---|---|---|
committer | mergify[bot] <37929162+mergify[bot]@users.noreply.github.com> | 2020-11-26 03:22:24 +0000 |
commit | 21f984cedec1c613218480bc3eb5e92349a7a812 (patch) | |
tree | 9a0c22453eca145dc2ba843cd81ea00c3d4dca8a /CryptoPkg | |
parent | e9d62effa37ea13fe04fc89b21d2de7776f183a2 (diff) | |
download | edk2-21f984cedec1c613218480bc3eb5e92349a7a812.tar.gz edk2-21f984cedec1c613218480bc3eb5e92349a7a812.tar.bz2 edk2-21f984cedec1c613218480bc3eb5e92349a7a812.zip |
CryptoPkg: BaseCryptLib: Fix buffer double free in CryptPkcs7VerifyEku
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2459
SignerCert is part of Pkcs7 instance when both have valid content. OpenSLL
PKCS7_free function will release the memory of SignerCert when applicable.
Freeing SignerCert with X509_free again might cause page fault if use-
after-free guard is enabled.
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Xiaoyu Lu <xiaoyux.lu@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Guomin Jiang <guomin.jiang@intel.com>
Signed-off-by: Kun Qin <kun.q@outlook.com>
Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com>
Diffstat (limited to 'CryptoPkg')
-rw-r--r-- | CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyEku.c | 4 |
1 files changed, 0 insertions, 4 deletions
diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyEku.c b/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyEku.c index c9fdb65b99..40cc39afe7 100644 --- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyEku.c +++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyEku.c @@ -508,10 +508,6 @@ Exit: free (SignedData);
}
- if (SignerCert != NULL) {
- X509_free (SignerCert);
- }
-
if (Pkcs7 != NULL) {
PKCS7_free (Pkcs7);
}
|