]> git.proxmox.com Git - mirror_edk2.git/commit
projects / mirror_edk2.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 5cd8be6) | patch
SecurityPkg/DxeImageVerificationLib: plug Data leak in IsForbiddenByDbx() (CVE-2019...
authorLaszlo Ersek <lersek@redhat.com>
Wed, 25 Sep 2019 11:41:57 +0000 (13:41 +0200)
committermergify[bot] <37929162+mergify[bot]@users.noreply.github.com>
Wed, 19 Feb 2020 14:08:23 +0000 (14:08 +0000)
commitcb30c8f25162e6d8142c6b098f14c1e4e7f125ce
tree05d025cca7a49692988744fdfdb6a4e197c94ed9tree
parent5cd8be6079ea7e5638903b2f3da0f4c10ec7f1dacommit | diff
SecurityPkg/DxeImageVerificationLib: plug Data leak in IsForbiddenByDbx() (CVE-2019-14575)

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1608

If the second GetVariable() call for "dbx" fails, in IsForbiddenByDbx(),
we have to free Data. Jump to "Done" for that.

Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Chao Zhang <chao.b.zhang@intel.com>
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c diff | blob | blame | history
EFI Development Kit II mirror for PVE