diff options
| author | Laszlo Ersek <lersek@redhat.com> | 2019-09-25 13:41:57 +0200 |
|---|---|---|
| committer | mergify[bot] <37929162+mergify[bot]@users.noreply.github.com> | 2020-02-19 14:08:23 +0000 |
| commit | cb30c8f25162e6d8142c6b098f14c1e4e7f125ce (patch) | |
| tree | 05d025cca7a49692988744fdfdb6a4e197c94ed9 /SecurityPkg/Library | |
| parent | 5cd8be6079ea7e5638903b2f3da0f4c10ec7f1da (diff) | |
| download | edk2-cb30c8f25162e6d8142c6b098f14c1e4e7f125ce.tar.gz edk2-cb30c8f25162e6d8142c6b098f14c1e4e7f125ce.tar.bz2 edk2-cb30c8f25162e6d8142c6b098f14c1e4e7f125ce.zip | |
SecurityPkg/DxeImageVerificationLib: plug Data leak in IsForbiddenByDbx() (CVE-2019-14575)
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1608
If the second GetVariable() call for "dbx" fails, in IsForbiddenByDbx(),
we have to free Data. Jump to "Done" for that.
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Chao Zhang <chao.b.zhang@intel.com>
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
Diffstat (limited to 'SecurityPkg/Library')
| -rw-r--r-- | SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c index 470a0d20ef..f20640af68 100644 --- a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c +++ b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c @@ -1274,7 +1274,7 @@ IsForbiddenByDbx ( Status = gRT->GetVariable (EFI_IMAGE_SECURITY_DATABASE1, &gEfiImageSecurityDatabaseGuid, NULL, &DataSize, (VOID *) Data);
if (EFI_ERROR (Status)) {
- return IsForbidden;
+ goto Done;
}
//
|