MdeModulePkg/DisplayEngine: Zero memory before free (CVE-2019-14558)

[mirror_edk2.git] / MdeModulePkg / Universal / DisplayEngineDxe / ProcessOptions.c

diff --git a/MdeModulePkg/Universal/DisplayEngineDxe/ProcessOptions.c b/MdeModulePkg/Universal/DisplayEngineDxe/ProcessOptions.c
index 7d9486112b1ede300562cbe1da13e880299f70d4..e7306f6d04fca92ce294667fd43f4a50efc4eed8 100644 (file)
--- a/MdeModulePkg/Universal/DisplayEngineDxe/ProcessOptions.c
+++ b/MdeModulePkg/Universal/DisplayEngineDxe/ProcessOptions.c
@@ -2,7 +2,7 @@
 Implementation for handling the User Interface option processing.\r
 \r
 \r
-Copyright (c) 2004 - 2018, Intel Corporation. All rights reserved.<BR>\r
+Copyright (c) 2004 - 2020, Intel Corporation. All rights reserved.<BR>\r
 SPDX-License-Identifier: BSD-2-Clause-Patent\r
 \r
 **/\r
@@ -823,6 +823,7 @@ PasswordProcess (
     //\r
     Status = ReadString (MenuOption, gPromptForPassword, StringPtr);\r
     if (EFI_ERROR (Status)) {\r
+      ZeroMem (StringPtr, (Maximum + 1) * sizeof (CHAR16));\r
       FreePool (StringPtr);\r
       return Status;\r
     }\r
@@ -840,7 +841,7 @@ PasswordProcess (
       } else {\r
         Status = EFI_SUCCESS;\r
       }\r
-\r
+      ZeroMem (StringPtr, (Maximum + 1) * sizeof (CHAR16));\r
       FreePool (StringPtr);\r
       return Status;\r
     }\r
@@ -856,6 +857,7 @@ PasswordProcess (
     // Reset state machine for password\r
     //\r
     Question->PasswordCheck (gFormData, Question, NULL);\r
+    ZeroMem (StringPtr, (Maximum + 1) * sizeof (CHAR16));\r
     FreePool (StringPtr);\r
     return Status;\r
   }\r
@@ -871,6 +873,8 @@ PasswordProcess (
     // Reset state machine for password\r
     //\r
     Question->PasswordCheck (gFormData, Question, NULL);\r
+    ZeroMem (StringPtr, (Maximum + 1) * sizeof (CHAR16));\r
+    ZeroMem (TempString, (Maximum + 1) * sizeof (CHAR16));\r
     FreePool (StringPtr);\r
     FreePool (TempString);\r
     return Status;\r