From b74f1f7ab5e956f58ae1771dc4e2a4b92bc51430 Mon Sep 17 00:00:00 2001 From: Kun Qin Date: Thu, 29 Jun 2023 16:59:18 -0700 Subject: SecurityPkg: RngDxe: Fixing mAvailableAlgoArray allocator REF: https://bugzilla.tianocore.org/show_bug.cgi?idD91 mAvailableAlgoArray is currently allocated for "RNG_AVAILABLE_ALGO_MAX" number of bytes, whereas it was dereferenced as "EFI_RNG_ALGORITHM". This change fixed the buffer allocation logic by allocating a proper size of buffer before referencing. Cc: Jiewen Yao Cc: Jian J Wang Cc: Sami Mujawar Cc: Pierre Gondois Signed-off-by: Kun Qin Reviewed-by: Sami Mujawar
---
 SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/AArch64Algo.c | 2 +-
 SecurityPkg/RandomNumberGenerator/RngDxe/Arm/ArmAlgo.c | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
 (limited to 'SecurityPkg/RandomNumberGenerator')
diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/AArch64Algo.c b/SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/AArch64Algo.c
index a270441ebb..fe335f83df 100644
--- a/SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/AArch64Algo.c
+++ b/SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/AArch64Algo.c
@@ -39,7 +39,7 @@ GetAvailableAlgorithms (
 UnSafeAlgo = FALSE;
 // Rng algorithms 2 times, one for the allocation, one to populate.
- mAvailableAlgoArray = AllocateZeroPool (RNG_AVAILABLE_ALGO_MAX);
+ mAvailableAlgoArray = AllocateZeroPool (RNG_AVAILABLE_ALGO_MAX * sizeof (EFI_RNG_ALGORITHM));
 if (mAvailableAlgoArray == NULL) {
 return EFI_OUT_OF_RESOURCES;
 }
diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/Arm/ArmAlgo.c b/SecurityPkg/RandomNumberGenerator/RngDxe/Arm/ArmAlgo.c
index 4b24f5c4a6..5e621df601 100644
--- a/SecurityPkg/RandomNumberGenerator/RngDxe/Arm/ArmAlgo.c
+++ b/SecurityPkg/RandomNumberGenerator/RngDxe/Arm/ArmAlgo.c
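Review bot: The corrected `AllocateZeroPool` size in the AArch64Algo.c hunk still spells the element type by hand, so the allocation and the array's declared type can drift apart again, which is the same class of mismatch that left the old byte-count buffer too small for `EFI_RNG_ALGORITHM` entries. Writing it as `mAvailableAlgoArray = AllocateZeroPool (RNG_AVAILABLE_ALGO_MAX * sizeof (*mAvailableAlgoArray));` ties the size to the pointer, assuming the global is declared as a pointer to the element type (its declaration is outside the hunk); the ArmAlgo.c hunk has the identical line. The code that fills the array lies outside both hunks, so it is worth confirming there that the write index is compared against `RNG_AVAILABLE_ALGO_MAX` before each store, since the allocation alone does not bound the writes. The comment above the call would also be clearer if it stated the unit, e.g. `// Room for RNG_AVAILABLE_ALGO_MAX EFI_RNG_ALGORITHM entries (not bytes); populated below.`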
@@ -32,7 +32,7 @@ GetAvailableAlgorithms (
 UINT16 MinorRevision;
 // Rng algorithms 2 times, one for the allocation, one to populate.
- mAvailableAlgoArray = AllocateZeroPool (RNG_AVAILABLE_ALGO_MAX);
+ mAvailableAlgoArray = AllocateZeroPool (RNG_AVAILABLE_ALGO_MAX * sizeof (EFI_RNG_ALGORITHM));
 if (mAvailableAlgoArray == NULL) {
 return EFI_OUT_OF_RESOURCES;
 }
--
cgit v1.2.3