shim/shim-bsc1177315-fix-buffer-use-after-free.patch
Gary Ching-Pang Lin ad2aeff5ac Accepting request 845367 from home:gary_lin:branches:devel:openSUSE:Factory
- Add shim-bsc1177315-verify-eku-codesign.patch to check CodeSign
  in the signer's EKU (bsc#1177315)
- Add shim-bsc1177789-fix-null-pointer-deref-AuthenticodeVerify.patch
  to fix NULL pointer dereference in AuthenticodeVerify()
  (bsc#1177789, CVE-2019-14584)
- shim-install: Support changing default shim efi binary in
  /usr/etc/default/shim and /etc/default/shim (bsc#1177315)
- Add shim-bsc1177315-fix-buffer-use-after-free.patch to fix buffer
  use-after-free at the end of the EKU verification (bsc#1177315)

OBS-URL: https://build.opensuse.org/request/show/845367
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=168
2020-11-03 06:49:18 +00:00


From 049bf5c1bd83643b9a6e8b7e67ea51ef7076cbc6 Mon Sep 17 00:00:00 2001
From: Gary Lin <glin@suse.com>
Date: Thu, 22 Oct 2020 14:00:04 +0800
Subject: [PATCH] Cryptlib/CryptPkcs7VerifyEku: fix buffer use-after-free
Merge the patch from edk2 upstream:
https://bugzilla.tianocore.org/show_bug.cgi?id=2459
Since SignerCert is actually a part of Pkcs7, PKCS7_free() also frees
SignerCert, so there is no need to free SignerCert.
Signed-off-by: Gary Lin <glin@suse.com>
---
Cryptlib/Pk/CryptPkcs7VerifyEku.c | 4 ----
1 file changed, 4 deletions(-)
diff --git a/Cryptlib/Pk/CryptPkcs7VerifyEku.c b/Cryptlib/Pk/CryptPkcs7VerifyEku.c
index d086886..2c172e2 100644
--- a/Cryptlib/Pk/CryptPkcs7VerifyEku.c
+++ b/Cryptlib/Pk/CryptPkcs7VerifyEku.c
@@ -507,10 +507,6 @@ Exit:
free (SignedData);
}
- if (SignerCert != NULL) {
- X509_free (SignerCert);
- }
-
if (Pkcs7 != NULL) {
PKCS7_free (Pkcs7);
}
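Review bot: in the Exit cleanup, once the `X509_free (SignerCert);` block is removed, nothing in the code records that SignerCert is borrowed from Pkcs7. That reasoning lives only in the commit message, so a later cleanup pass could put the free back and reintroduce the double release. Add a one-line comment above `PKCS7_free (Pkcs7);` saying that it also releases SignerCert and that SignerCert must not be freed separately. It is also worth confirming that no path reaching Exit leaves SignerCert pointing at a separately allocated certificate, because that would now leak; the hunk does not show where SignerCert is assigned.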
--
2.28.0