From e98e59c237e17f064a4ecffb39d45499f89720a1 Mon Sep 17 00:00:00 2001
From: sfu5 <sfu5@6f19259b-4bc3-4df7-8a09-765794883524>
Date: Wed, 17 Oct 2012 08:17:33 +0000
Subject: [PATCH] Fix a bug in OpensslLib that PKCS7_verify will use over 8k
 stack space.

Signed-off-by: Fu Siyuan <siyuan.fu@intel.com>
Reviewed-by: Ye Ting  <ting.ye@intel.com>
Reviewed-by: Dong Guo <guo.dong@intel.com>

git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13858 6f19259b-4bc3-4df7-8a09-765794883524
---
 .../OpensslLib/EDKII_openssl-0.9.8w.patch     | 39 +++++++++++++++++++
 1 file changed, 39 insertions(+)

diff --git a/CryptoPkg/Library/OpensslLib/EDKII_openssl-0.9.8w.patch b/CryptoPkg/Library/OpensslLib/EDKII_openssl-0.9.8w.patch
index daeb36079d..a2ba8aeb43 100644
--- a/CryptoPkg/Library/OpensslLib/EDKII_openssl-0.9.8w.patch
+++ b/CryptoPkg/Library/OpensslLib/EDKII_openssl-0.9.8w.patch
@@ -182,6 +182,45 @@ Index: crypto/pkcs7/pk7_smime.c
  		PKCS7err(PKCS7_F_PKCS7_SIGN,PKCS7_R_PKCS7_ADD_SIGNATURE_ERROR);
  		goto err;
  	}
+@@ -173,7 +176,8 @@
+ 	STACK_OF(PKCS7_SIGNER_INFO) *sinfos;
+ 	PKCS7_SIGNER_INFO *si;
+ 	X509_STORE_CTX cert_ctx;
+-	char buf[4096];
++	char *buf = NULL;
++	int bufsiz;
+ 	int i, j=0, k, ret = 0;
+ 	BIO *p7bio;
+ 	BIO *tmpin, *tmpout;
+@@ -284,10 +288,16 @@
+ 		BIO_set_mem_eof_return(tmpout, 0);
+ 	} else tmpout = out;
+ 
++	bufsiz = 4096;
++	buf = OPENSSL_malloc (bufsiz);
++		if (buf == NULL) {
++			goto err;
++	}
++
+ 	/* We now have to 'read' from p7bio to calculate digests etc. */
+ 	for (;;)
+ 	{
+-		i=BIO_read(p7bio,buf,sizeof(buf));
++		i=BIO_read(p7bio,buf,bufsiz);
+ 		if (i <= 0) break;
+ 		if (tmpout) BIO_write(tmpout, buf, i);
+ 	}
+@@ -326,6 +336,10 @@
+ 
+ 	sk_X509_free(signers);
+ 
++	if (buf != NULL) {
++		OPENSSL_free (buf);
++	}
++
+ 	return ret;
+ }
+ 
 Index: crypto/rand/rand_egd.c
 ===================================================================
 --- crypto/rand/rand_egd.c	(revision 1)
-- 
2.39.2