CryptoPkg/BaseCryptLib: Fix buffer overflow issue in realloc wrapper
authorLong Qin <qin.long@intel.com>
Wed, 1 Nov 2017 08:10:04 +0000 (16:10 +0800)
committerLong Qin <qin.long@intel.com>
Mon, 6 Nov 2017 06:50:17 +0000 (14:50 +0800)
commitcf8197a39d07179027455421a182598bd6989999
treee84e54f0e272db3bcac08d4de9c3f008e734b718
parentf6f486e7bf7667ca7bcf50d808e056bd5ac7deaf
CryptoPkg/BaseCryptLib: Fix buffer overflow issue in realloc wrapper

There is one long-standing problem in CRT realloc wrapper, which will
cause the obvious buffer overflow issue when re-allocating one bigger
memory block:
    void *realloc (void *ptr, size_t size)
    {
      //
      // BUG: hardcode OldSize == size! We have no any knowledge about
      // memory size of original pointer ptr.
      //
      return ReallocatePool ((UINTN) size, (UINTN) size, ptr);
    }
This patch introduces one extra header to record the memory buffer size
information when allocating memory block from malloc routine, and re-wrap
the realloc() and free() routines to remove this BUG.

Cc: Laszlo Ersek <lersek@redhat.com>
Cc: Ting Ye <ting.ye@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Qin Long <qin.long@intel.com>
Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
Validated-by: Jian J Wang <jian.j.wang@intel.com>
CryptoPkg/Library/BaseCryptLib/SysCall/BaseMemAllocation.c