]> git.proxmox.com Git - mirror_edk2.git/blobdiff - CryptoPkg/Library/BaseCryptLib/Pk/CryptAuthenticode.c
projects / mirror_edk2.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
CryptoPkg/BaseCryptLib: fix NULL dereference (CVE-2019-14584)
[mirror_edk2.git] / CryptoPkg / Library / BaseCryptLib / Pk / CryptAuthenticode.c
diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptAuthenticode.c b/CryptoPkg/Library/BaseCryptLib/Pk/CryptAuthenticode.c
index 2772b1e2be3c6f16842eceb388016fdb7ba90816..3c2d14a88bce2a3ac5cddf147c8b101c16b40eb4 100644 (file)
--- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptAuthenticode.c
+++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptAuthenticode.c
@@ -9,7 +9,7 @@
   AuthenticodeVerify() will get PE/COFF Authenticode and will do basic check for\r
   data structure.\r
 \r
-Copyright (c) 2011 - 2015, Intel Corporation. All rights reserved.<BR>\r
+Copyright (c) 2011 - 2020, Intel Corporation. All rights reserved.<BR>\r
 SPDX-License-Identifier: BSD-2-Clause-Patent\r
 \r
 **/\r
@@ -100,7 +100,7 @@ AuthenticodeVerify (
   //\r
   // Check if it's PKCS#7 Signed Data (for Authenticode Scenario)\r
   //\r
-  if (!PKCS7_type_is_signed (Pkcs7)) {\r
+  if (!PKCS7_type_is_signed (Pkcs7) || PKCS7_get_detached (Pkcs7)) {\r
     goto _Exit;\r
   }\r
 \r
EFI Development Kit II mirror for PVE