]> git.proxmox.com Git - mirror_edk2.git/commit
projects / mirror_edk2.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 582a7c9) | patch
CryptoPkg: Fix pem heap-buffer-overflow due to BIO_snprintf()
authorYi Li <yi1.li@intel.com>
Mon, 26 Sep 2022 00:24:33 +0000 (08:24 +0800)
committermergify[bot] <37929162+mergify[bot]@users.noreply.github.com>
Mon, 26 Sep 2022 01:39:52 +0000 (01:39 +0000)
commit0e7aa6bf9e0a7a91136353a3d6fe6a90d2047fc0
treedaab81b854da53f9521bae7b9fd46c297a3d10d2tree
parent582a7c9995a8fd036a3583ba485467f5a0316ccacommit | diff
CryptoPkg: Fix pem heap-buffer-overflow due to BIO_snprintf()

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4075

Fake BIO_snprintf() does not actually print anything to buf,
it should return -1 as error.
0 will be considered a correct return value, the consumer may think that
the buf is valid and parse the buffer.
please refer to bugzilla link for details.

Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Xiaoyu Lu <xiaoyu1.lu@intel.com>
Cc: Guomin Jiang <guomin.jiang@intel.com>
Signed-off-by: Yi Li <yi1.li@intel.com>
Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com>
CryptoPkg/Library/BaseCryptLib/SysCall/CrtWrapper.c diff | blob | blame | history
EFI Development Kit II mirror for PVE