1. Messages
  2. [PATCH 1/1] CryptoPkg: Fix pem heap-buffer-overflow due to BIO_snprintf()

Re: [PATCH 1/1] CryptoPkg: Fix pem heap-buffer-overflow due to BIO_snprintf()

Yao, Jiewen
 

Thanks. The solution looks good.

I recommend to add more comments below:
// Because the function does not actually print anything to buf, it returns -1 as error.
// Otherwise, the consumer may think that the buf is valid and parse the buffer.

With comment change, reviewed-by: Jiewen Yao <Jiewen.yao@...>

-----Original Message-----
From: Li, Yi1 <yi1.li@...>
Sent: Sunday, September 25, 2022 5:40 PM
To: devel@edk2.groups.io; Li, Yi1 <yi1.li@...>; Yao, Jiewen
<jiewen.yao@...>
Cc: Wang, Jian J <jian.j.wang@...>; Lu, Xiaoyu1
<xiaoyu1.lu@...>; Jiang, Guomin <guomin.jiang@...>
Subject: RE: [edk2-devel] [PATCH 1/1] CryptoPkg: Fix pem heap-buffer-
overflow due to BIO_snprintf()

Hi Jiewen,
Can you take a look at this patch?
WPA3 Tls API fuzzing is blocked because of same pem API.

Thanks,
Yi

-----Original Message-----
From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of yi1 li
Sent: Thursday, September 22, 2022 8:53 PM
To: devel@edk2.groups.io
Cc: Li, Yi1 <yi1.li@...>; Yao, Jiewen <jiewen.yao@...>; Wang,
Jian J <jian.j.wang@...>; Lu, Xiaoyu1 <xiaoyu1.lu@...>; Jiang,
Guomin <guomin.jiang@...>
Subject: [edk2-devel] [PATCH 1/1] CryptoPkg: Fix pem heap-buffer-overflow
due to BIO_snprintf()

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4075

Fake BIO_snprintf() need to return error status -1. 0 will be considered a
correct return value, this may cause crash, please refer to bugzilla link for
details.

Signed-off-by: Yi Li <yi1.li@...>

Cc: Jiewen Yao <jiewen.yao@...>
Cc: Jian J Wang <jian.j.wang@...>
Cc: Xiaoyu Lu <xiaoyu1.lu@...>
Cc: Guomin Jiang <guomin.jiang@...>
---
CryptoPkg/Library/BaseCryptLib/SysCall/CrtWrapper.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/CryptoPkg/Library/BaseCryptLib/SysCall/CrtWrapper.c
b/CryptoPkg/Library/BaseCryptLib/SysCall/CrtWrapper.c
index c1fc33538f..d7d8c206ed 100644
--- a/CryptoPkg/Library/BaseCryptLib/SysCall/CrtWrapper.c
+++ b/CryptoPkg/Library/BaseCryptLib/SysCall/CrtWrapper.c
@@ -494,7 +494,7 @@ BIO_snprintf (
...
)
{
- return 0;
+ return -1;
}

#ifdef __GNUC__
--
2.31.1.windows.1
Join {devel@edk2.groups.io to automatically receive all group messages.