CryptoPkg/BaseCryptLib: Add NULL pointer checks in DH and P7Verify

Add more NULL pointer checks before using them in DhGenerateKey and
Pkcs7GetCertificatesList functions to eliminate possible dereferenced
pointer issue.

Cc: Ting Ye <ting.ye@intel.com>
Cc: Hao Wu <hao.a.wu@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Qin Long <qin.long@intel.com>
Reviewed-by: Hao Wu <hao.a.wu@intel.com>
Reviewed-by: Ting Ye <ting.ye@intel.com>

diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptDh.c b/CryptoPkg/Library/BaseCryptLib/Pk/CryptDh.c
index f44684f907fa591d339a33a245566eed25b8e604..391efd5c14550f16bd9466ad076d2313a3b3bb83 100644 (file)
--- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptDh.c
+++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptDh.c
@@ -232,7 +232,9 @@ DhGenerateKey (
       return FALSE;\r
     }\r
 \r
-    BN_bn2bin (DhPubKey, PublicKey);\r
+    if (PublicKey != NULL) {\r
+      BN_bn2bin (DhPubKey, PublicKey);\r
+    }\r
     *PublicKeySize = Size;\r
   }\r
 \r

diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7Verify.c b/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7Verify.c
index 45d5df5e118a2d03e7bc7280a82a30744b18086f..d564591cb7f942d309323d8fe28f723b4de7846c 100644 (file)
--- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7Verify.c
+++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7Verify.c
@@ -558,7 +558,9 @@ Pkcs7GetCertificatesList (
     }\r
   }\r
   CtxUntrusted = X509_STORE_CTX_get0_untrusted (CertCtx);\r
-  (VOID)sk_X509_delete_ptr (CtxUntrusted, Signer);\r
+  if (CtxUntrusted != NULL) {\r
+    (VOID)sk_X509_delete_ptr (CtxUntrusted, Signer);\r
+  }\r
 \r
   //\r
   // Build certificates stack chained from Signer's certificate.\r
@@ -711,8 +713,10 @@ _Error:
   }\r
   sk_X509_free (Signers);\r
 \r
-  X509_STORE_CTX_cleanup (CertCtx);\r
-  X509_STORE_CTX_free (CertCtx);\r
+  if (CertCtx != NULL) {\r
+    X509_STORE_CTX_cleanup (CertCtx);\r
+    X509_STORE_CTX_free (CertCtx);\r
+  }\r
 \r
   if (SingleCert != NULL) {\r
     free (SingleCert);\r