From 049bf5c1bd83643b9a6e8b7e67ea51ef7076cbc6 Mon Sep 17 00:00:00 2001 From: Gary Lin Date: Thu, 22 Oct 2020 14:00:04 +0800 Subject: [PATCH] Cryptlib/CryptPkcs7VerifyEku: fix buffer use-after-free Merge the patch from edk2 upstream: https://bugzilla.tianocore.org/show_bug.cgi?id=2459 Since SignerCert is actually a part of Pkcs7, PKCS7_free() also frees SignerCert, so there is no need to free SignerCert. Signed-off-by: Gary Lin --- Cryptlib/Pk/CryptPkcs7VerifyEku.c | 4 ---- 1 file changed, 4 deletions(-) diff --git a/Cryptlib/Pk/CryptPkcs7VerifyEku.c b/Cryptlib/Pk/CryptPkcs7VerifyEku.c index d086886..2c172e2 100644 --- a/Cryptlib/Pk/CryptPkcs7VerifyEku.c +++ b/Cryptlib/Pk/CryptPkcs7VerifyEku.c @@ -507,10 +507,6 @@ Exit: free (SignedData); } - if (SignerCert != NULL) { - X509_free (SignerCert); - } - if (Pkcs7 != NULL) { PKCS7_free (Pkcs7); } -- 2.28.0
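Review bot: the Exit cleanup now gives no sign that SignerCert is a borrowed pointer, so a later reader could take the absent X509_free (SignerCert) for a leak and put it back. A one-line comment above the `if (Pkcs7 != NULL)` block would help, saying that SignerCert points into Pkcs7 and is released by PKCS7_free (Pkcs7). The assignment of SignerCert is outside this hunk, so it is worth confirming that every path which sets it hands back a reference owned by Pkcs7 rather than a separately allocated copy, and that nothing reads SignerCert after PKCS7_free (Pkcs7) runs. The commit message cites the upstream bugzilla entry; adding the upstream edk2 commit id would make the merge easier to audit.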