]> git.proxmox.com Git - mirror_edk2.git/commitdiff
projects / mirror_edk2.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 578bcdc)
SecurityPkg/DxeImageVerificationLib: Fix memory leaks (CVE-2019-14575)
authorJian J Wang <jian.j.wang@intel.com>
Thu, 10 Oct 2019 03:06:53 +0000 (11:06 +0800)
committermergify[bot] <37929162+mergify[bot]@users.noreply.github.com>
Wed, 19 Feb 2020 14:08:23 +0000 (14:08 +0000)
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1608

Pointer HashCtx used in IsCertHashFoundInDatabase() is not freed inside
the while-loop, if it will run more than once.

Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Chao Zhang <chao.b.zhang@intel.com>
Signed-off-by: Jian J Wang <jian.j.wang@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c patch | blob | blame | history

diff --git a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c
index dbfbfcb4fb3aa5a26ecd37d2227e160e946c2f2b..74dbffa1227f657db50004feba97e61d32c1ac5b 100644 (file)
--- a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c
+++ b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c
@@ -908,6 +908,9 @@ IsCertHashFoundInDatabase (
       goto Done;\r
     }\r
 \r
+    FreePool (HashCtx);\r
+    HashCtx = NULL;\r
+\r
     SiglistHeaderSize = sizeof (EFI_SIGNATURE_LIST) + DbxList->SignatureHeaderSize;\r
     CertHash          = (EFI_SIGNATURE_DATA *) ((UINT8 *) DbxList + SiglistHeaderSize);\r
     CertHashCount     = (DbxList->SignatureListSize - SiglistHeaderSize) / DbxList->SignatureSize;\r
EFI Development Kit II mirror for PVE