From 5b2956ea6340be09abdd1d1881c76919de345a97 Mon Sep 17 00:00:00 2001 From: Ye Ting Date: Wed, 7 Aug 2013 08:11:14 +0000 Subject: [PATCH] Enhance error handling code after calling BIO_new in BaseCryptLib. Signed-off-by: Ye Ting Reviewed-by: Long Qin git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@14528 6f19259b-4bc3-4df7-8a09-765794883524 --- CryptoPkg/Library/BaseCryptLib/Pem/CryptPem.c | 7 +++++-- CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7Sign.c | 11 +++++++++-- CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7Verify.c | 10 ++++++++-- 3 files changed, 22 insertions(+), 6 deletions(-) diff --git a/CryptoPkg/Library/BaseCryptLib/Pem/CryptPem.c b/CryptoPkg/Library/BaseCryptLib/Pem/CryptPem.c index 078a960d58..51e648b736 100644 --- a/CryptoPkg/Library/BaseCryptLib/Pem/CryptPem.c +++ b/CryptoPkg/Library/BaseCryptLib/Pem/CryptPem.c @@ -1,7 +1,7 @@ /** @file PEM (Privacy Enhanced Mail) Format Handler Wrapper Implementation over OpenSSL. -Copyright (c) 2010 - 2012, Intel Corporation. All rights reserved.
+Copyright (c) 2010 - 2013, Intel Corporation. All rights reserved.
This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD License which accompanies this distribution. The full text of the license may be found at @@ -109,11 +109,14 @@ RsaGetPrivateKeyFromPem ( // Read encrypted PEM Data. // PemBio = BIO_new (BIO_s_mem ()); - BIO_write (PemBio, PemData, (int) PemSize); if (PemBio == NULL) { goto _Exit; } + if (BIO_write (PemBio, PemData, (int) PemSize) <= 0) { + goto _Exit; + } + // // Retrieve RSA Private Key from encrypted PEM data. // diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7Sign.c b/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7Sign.c index 25865910f6..63fe78fc86 100644 --- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7Sign.c +++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7Sign.c @@ -1,7 +1,7 @@ /** @file PKCS#7 SignedData Sign Wrapper Implementation over OpenSSL. -Copyright (c) 2009 - 2012, Intel Corporation. All rights reserved.
+Copyright (c) 2009 - 2013, Intel Corporation. All rights reserved.
This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD License which accompanies this distribution. The full text of the license may be found at @@ -124,7 +124,13 @@ Pkcs7Sign ( // Convert the data to be signed to BIO format. // DataBio = BIO_new (BIO_s_mem ()); - BIO_write (DataBio, InData, (int) InDataSize); + if (DataBio == NULL) { + goto _Exit; + } + + if (BIO_write (DataBio, InData, (int) InDataSize) <= 0) { + goto _Exit; + } // // Create the PKCS#7 signedData structure. @@ -155,6 +161,7 @@ Pkcs7Sign ( Tmp = P7Data; P7DataSize = i2d_PKCS7 (Pkcs7, (unsigned char **) &Tmp); + ASSERT (P7DataSize > 19); // // Strip ContentInfo to content only for signeddata. The data be trimmed off diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7Verify.c b/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7Verify.c index 471fbbbe25..05c3f87743 100644 --- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7Verify.c +++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7Verify.c @@ -10,7 +10,7 @@ WrapPkcs7Data(), Pkcs7GetSigners(), Pkcs7Verify() will get UEFI Authenticated Variable and will do basic check for data structure. -Copyright (c) 2009 - 2012, Intel Corporation. All rights reserved.
+Copyright (c) 2009 - 2013, Intel Corporation. All rights reserved.
This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD License which accompanies this distribution. The full text of the license may be found at @@ -640,7 +640,13 @@ Pkcs7Verify ( // in PKCS#7 structure. So ignore NULL checking here. // DataBio = BIO_new (BIO_s_mem ()); - BIO_write (DataBio, InData, (int)DataLength); + if (DataBio == NULL) { + goto _Exit; + } + + if (BIO_write (DataBio, InData, (int) DataLength) <= 0) { + goto _Exit; + } // // OpenSSL PKCS7 Verification by default checks for SMIME (email signing) and