Date
1 - 2 of 2
[PATCH V2 1/1] CryptoPkg: Fix pem heap-buffer-overflow due to BIO_snprintf()
Li, Yi
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4075
Fake BIO_snprintf() does not actually print anything to buf,
it should return -1 as error.
0 will be considered a correct return value, the consumer may think that
the buf is valid and parse the buffer.
please refer to bugzilla link for details.
Cc: Jiewen Yao <jiewen.yao@...>
Cc: Jian J Wang <jian.j.wang@...>
Cc: Xiaoyu Lu <xiaoyu1.lu@...>
Cc: Guomin Jiang <guomin.jiang@...>
Signed-off-by: Yi Li <yi1.li@...>
reviewed-by: Jiewen Yao <Jiewen.yao@...>
---
CryptoPkg/Library/BaseCryptLib/SysCall/CrtWrapper.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/CryptoPkg/Library/BaseCryptLib/SysCall/CrtWrapper.c b/CryptoPkg/Library/BaseCryptLib/SysCall/CrtWrapper.c
index c1fc33538f..b65d29485b 100644
--- a/CryptoPkg/Library/BaseCryptLib/SysCall/CrtWrapper.c
+++ b/CryptoPkg/Library/BaseCryptLib/SysCall/CrtWrapper.c
@@ -494,7 +494,9 @@ BIO_snprintf (
...
)
{
- return 0;
+ // Because the function does not actually print anything to buf, it returns -1 as error.
+ // Otherwise, the consumer may think that the buf is valid and parse the buffer.
+ return -1;
}
#ifdef __GNUC__
--
2.31.1.windows.1
Fake BIO_snprintf() does not actually print anything to buf,
it should return -1 as error.
0 will be considered a correct return value, the consumer may think that
the buf is valid and parse the buffer.
please refer to bugzilla link for details.
Cc: Jiewen Yao <jiewen.yao@...>
Cc: Jian J Wang <jian.j.wang@...>
Cc: Xiaoyu Lu <xiaoyu1.lu@...>
Cc: Guomin Jiang <guomin.jiang@...>
Signed-off-by: Yi Li <yi1.li@...>
reviewed-by: Jiewen Yao <Jiewen.yao@...>
---
CryptoPkg/Library/BaseCryptLib/SysCall/CrtWrapper.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/CryptoPkg/Library/BaseCryptLib/SysCall/CrtWrapper.c b/CryptoPkg/Library/BaseCryptLib/SysCall/CrtWrapper.c
index c1fc33538f..b65d29485b 100644
--- a/CryptoPkg/Library/BaseCryptLib/SysCall/CrtWrapper.c
+++ b/CryptoPkg/Library/BaseCryptLib/SysCall/CrtWrapper.c
@@ -494,7 +494,9 @@ BIO_snprintf (
...
)
{
- return 0;
+ // Because the function does not actually print anything to buf, it returns -1 as error.
+ // Otherwise, the consumer may think that the buf is valid and parse the buffer.
+ return -1;
}
#ifdef __GNUC__
--
2.31.1.windows.1
Yao, Jiewen
toggle quoted message
Show quoted text
-----Original Message-----
From: Li, Yi1 <yi1.li@...>
Sent: Monday, September 26, 2022 8:25 AM
To: devel@edk2.groups.io
Cc: Li, Yi1 <yi1.li@...>; Yao, Jiewen <jiewen.yao@...>; Wang,
Jian J <jian.j.wang@...>; Lu, Xiaoyu1 <xiaoyu1.lu@...>; Jiang,
Guomin <guomin.jiang@...>; Yao, Jiewen <jiewen.yao@...>
Subject: [PATCH V2 1/1] CryptoPkg: Fix pem heap-buffer-overflow due to
BIO_snprintf()
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4075
Fake BIO_snprintf() does not actually print anything to buf,
it should return -1 as error.
0 will be considered a correct return value, the consumer may think that
the buf is valid and parse the buffer.
please refer to bugzilla link for details.
Cc: Jiewen Yao <jiewen.yao@...>
Cc: Jian J Wang <jian.j.wang@...>
Cc: Xiaoyu Lu <xiaoyu1.lu@...>
Cc: Guomin Jiang <guomin.jiang@...>
Signed-off-by: Yi Li <yi1.li@...>
reviewed-by: Jiewen Yao <Jiewen.yao@...>
---
CryptoPkg/Library/BaseCryptLib/SysCall/CrtWrapper.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/CryptoPkg/Library/BaseCryptLib/SysCall/CrtWrapper.c
b/CryptoPkg/Library/BaseCryptLib/SysCall/CrtWrapper.c
index c1fc33538f..b65d29485b 100644
--- a/CryptoPkg/Library/BaseCryptLib/SysCall/CrtWrapper.c
+++ b/CryptoPkg/Library/BaseCryptLib/SysCall/CrtWrapper.c
@@ -494,7 +494,9 @@ BIO_snprintf (
...
)
{
- return 0;
+ // Because the function does not actually print anything to buf, it returns
-1 as error.
+ // Otherwise, the consumer may think that the buf is valid and parse the
buffer.
+ return -1;
}
#ifdef __GNUC__
--
2.31.1.windows.1