X-Git-Url: https://git.proxmox.com/?p=mirror_edk2.git;a=blobdiff_plain;f=CryptoPkg%2FLibrary%2FBaseCryptLib%2FPk%2FCryptPkcs7.c;h=16176423237958d21f37f3009158765e8ea3a744;hp=83f0dfcd5a6de16e39c183b35deb5ee862c7efd2;hb=16d2c32c4dff7fd8b0ee19e3ba908c0121f6636e;hpb=bd0de3963b8e09ccded4b6922d5e6f0146a2f63f

diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7.c b/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7.c
index 83f0dfcd5a..1617642323 100644
--- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7.c
+++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7.c
@@ -1,7 +1,7 @@
 /** @file
   PKCS#7 SignedData Verification Wrapper Implementation over OpenSSL.
 
-Copyright (c) 2009 - 2011, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2009 - 2012, Intel Corporation. All rights reserved.<BR>
 This program and the accompanying materials
 are licensed and made available under the terms and conditions of the BSD License
 which accompanies this distribution.  The full text of the license may be found at
@@ -150,13 +150,10 @@ Pkcs7Sign (
   //
   // Check input parameters.
   //
-  ASSERT (PrivateKey     != NULL);
-  ASSERT (KeyPassword    != NULL);
-  ASSERT (InData         != NULL);
-  ASSERT (SignCert       != NULL);
-  ASSERT (SignedData     != NULL);
-  ASSERT (SignedDataSize != NULL);
-  ASSERT (InDataSize     <= INT_MAX);
+  if (PrivateKey == NULL || KeyPassword == NULL || InData == NULL ||
+    SignCert == NULL || SignedData == NULL || SignedDataSize == NULL || InDataSize > INT_MAX) {
+    return FALSE;
+  }
 
   RsaContext = NULL;
   Key        = NULL;
@@ -285,7 +282,8 @@ _Exit:
   Cryptographic Message Syntax Standard". The input signed data could be wrapped
   in a ContentInfo structure.
 
-  If P7Data is NULL, then ASSERT().
+  If P7Data, TrustedCert or InData is NULL, then return FALSE.
+  If P7Length, CertLength or DataLength overflow, then return FAlSE.
 
   @param[in]  P7Data       Pointer to the PKCS#7 message to verify.
   @param[in]  P7Length     Length of the PKCS#7 message in bytes.
@@ -322,15 +320,13 @@ Pkcs7Verify (
   BOOLEAN     Wrapped;
 
   //
-  // ASSERT if any input parameter is invalid.
+  // Check input parameters.
   //
-  ASSERT (P7Data      != NULL);
-  ASSERT (TrustedCert != NULL);
-  ASSERT (InData      != NULL);
-  ASSERT (P7Length    <= INT_MAX);
-  ASSERT (CertLength  <= INT_MAX);
-  ASSERT (DataLength  <= INT_MAX);
-
+  if (P7Data == NULL || TrustedCert == NULL || InData == NULL || 
+    P7Length > INT_MAX || CertLength > INT_MAX || DataLength > INT_MAX) {
+    return FALSE;
+  }
+  
   Status    = FALSE;
   Pkcs7     = NULL;
   CertBio   = NULL;