tyler.durden
/
audk
mirror of https://github.com/acidanthera/audk.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

CryptoPkg: Fix pem heap-buffer-overflow due to BIO_snprintf() 

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4075

Fake BIO_snprintf() does not actually print anything to buf,
it should return -1 as error.
0 will be considered a correct return value, the consumer may think that
the buf is valid and parse the buffer.
please refer to bugzilla link for details.

Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Xiaoyu Lu <xiaoyu1.lu@intel.com>
Cc: Guomin Jiang <guomin.jiang@intel.com>

Signed-off-by: Yi Li <yi1.li@intel.com>
Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com>
This commit is contained in:
Yi Li 2022-09-26 08:24:33 +08:00 committed by mergify[bot]
parent 582a7c9995
commit 0e7aa6bf9e
1 changed files with 3 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
CryptoPkg/Library/BaseCryptLib/SysCall/CrtWrapper.c
View File

@ -494,7 +494,9 @@ BIO_snprintf (
...
)
{
return 0;
// Because the function does not actually print anything to buf, it returns -1 as error.
// Otherwise, the consumer may think that the buf is valid and parse the buffer.
return -1;
}
#ifdef __GNUC__