mirror of https://github.com/acidanthera/audk.git
CryptoPkg/BaseCryptLib: Fix mismatched memory allocation/free
The malloc/free (instead of AllocatePool/FreePool) were used directly in some wrapper implementations, which was designed to leverage the light-weight memory management routines at Runtime phase. The malloc/free and AllocatePool/FreePool usages are required to be matched, after extra memory size info header was introduced in malloc wrapper. This patch corrects two memory allocation cases, which requires the caller to free the buffer with FreePool() outside the function call. And some comments were also added to clarify the correct memory release functions if it's the caller's responsibility to free the memory buffer. Cc: Laszlo Ersek <lersek@redhat.com> Cc: Ting Ye <ting.ye@intel.com> Cc: Jian J Wang <jian.j.wang@intel.com> Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Qin Long <qin.long@intel.com> Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
This commit is contained in:
parent
cf8197a39d
commit
6fe575d052
|
@ -2388,10 +2388,12 @@ Pkcs5HashPassword (
|
|||
@param[in] P7Data Pointer to the PKCS#7 message to verify.
|
||||
@param[in] P7Length Length of the PKCS#7 message in bytes.
|
||||
@param[out] CertStack Pointer to Signer's certificates retrieved from P7Data.
|
||||
It's caller's responsibility to free the buffer.
|
||||
It's caller's responsibility to free the buffer with
|
||||
Pkcs7FreeSigners().
|
||||
@param[out] StackLength Length of signer's certificates in bytes.
|
||||
@param[out] TrustedCert Pointer to a trusted certificate from Signer's certificates.
|
||||
It's caller's responsibility to free the buffer.
|
||||
It's caller's responsibility to free the buffer with
|
||||
Pkcs7FreeSigners().
|
||||
@param[out] CertLength Length of the trusted certificate in bytes.
|
||||
|
||||
@retval TRUE The operation is finished successfully.
|
||||
|
@ -2433,10 +2435,11 @@ Pkcs7FreeSigners (
|
|||
@param[in] P7Data Pointer to the PKCS#7 message.
|
||||
@param[in] P7Length Length of the PKCS#7 message in bytes.
|
||||
@param[out] SignerChainCerts Pointer to the certificates list chained to signer's
|
||||
certificate. It's caller's responsibility to free the buffer.
|
||||
certificate. It's caller's responsibility to free the buffer
|
||||
with Pkcs7FreeSigners().
|
||||
@param[out] ChainLength Length of the chained certificates list buffer in bytes.
|
||||
@param[out] UnchainCerts Pointer to the unchained certificates lists. It's caller's
|
||||
responsibility to free the buffer.
|
||||
responsibility to free the buffer with Pkcs7FreeSigners().
|
||||
@param[out] UnchainLength Length of the unchained certificates list buffer in bytes.
|
||||
|
||||
@retval TRUE The operation is finished successfully.
|
||||
|
@ -2472,7 +2475,8 @@ Pkcs7GetCertificatesList (
|
|||
@param[in] OtherCerts Pointer to an optional additional set of certificates to
|
||||
include in the PKCS#7 signedData (e.g. any intermediate
|
||||
CAs in the chain).
|
||||
@param[out] SignedData Pointer to output PKCS#7 signedData.
|
||||
@param[out] SignedData Pointer to output PKCS#7 signedData. It's caller's
|
||||
responsibility to free the buffer with FreePool().
|
||||
@param[out] SignedDataSize Size of SignedData in bytes.
|
||||
|
||||
@retval TRUE PKCS#7 data signing succeeded.
|
||||
|
@ -2540,7 +2544,7 @@ Pkcs7Verify (
|
|||
@param[in] P7Data Pointer to the PKCS#7 signed data to process.
|
||||
@param[in] P7Length Length of the PKCS#7 signed data in bytes.
|
||||
@param[out] Content Pointer to the extracted content from the PKCS#7 signedData.
|
||||
It's caller's responsibility to free the buffer.
|
||||
It's caller's responsibility to free the buffer with FreePool().
|
||||
@param[out] ContentSize The size of the extracted content in bytes.
|
||||
|
||||
@retval TRUE The P7Data was correctly formatted for processing.
|
||||
|
|
|
@ -34,7 +34,8 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
|
|||
@param[in] OtherCerts Pointer to an optional additional set of certificates to
|
||||
include in the PKCS#7 signedData (e.g. any intermediate
|
||||
CAs in the chain).
|
||||
@param[out] SignedData Pointer to output PKCS#7 signedData.
|
||||
@param[out] SignedData Pointer to output PKCS#7 signedData. It's caller's
|
||||
responsibility to free the buffer with FreePool().
|
||||
@param[out] SignedDataSize Size of SignedData in bytes.
|
||||
|
||||
@retval TRUE PKCS#7 data signing succeeded.
|
||||
|
@ -167,7 +168,7 @@ Pkcs7Sign (
|
|||
// is totally 19 bytes.
|
||||
//
|
||||
*SignedDataSize = P7DataSize - 19;
|
||||
*SignedData = malloc (*SignedDataSize);
|
||||
*SignedData = AllocatePool (*SignedDataSize);
|
||||
if (*SignedData == NULL) {
|
||||
OPENSSL_free (P7Data);
|
||||
goto _Exit;
|
||||
|
|
|
@ -33,7 +33,8 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
|
|||
@param[in] OtherCerts Pointer to an optional additional set of certificates to
|
||||
include in the PKCS#7 signedData (e.g. any intermediate
|
||||
CAs in the chain).
|
||||
@param[out] SignedData Pointer to output PKCS#7 signedData.
|
||||
@param[out] SignedData Pointer to output PKCS#7 signedData. It's caller's
|
||||
responsibility to free the buffer with FreePool().
|
||||
@param[out] SignedDataSize Size of SignedData in bytes.
|
||||
|
||||
@retval FALSE This interface is not supported.
|
||||
|
|
|
@ -240,10 +240,12 @@ _Exit:
|
|||
@param[in] P7Data Pointer to the PKCS#7 message to verify.
|
||||
@param[in] P7Length Length of the PKCS#7 message in bytes.
|
||||
@param[out] CertStack Pointer to Signer's certificates retrieved from P7Data.
|
||||
It's caller's responsibility to free the buffer.
|
||||
It's caller's responsibility to free the buffer with
|
||||
Pkcs7FreeSigners().
|
||||
@param[out] StackLength Length of signer's certificates in bytes.
|
||||
@param[out] TrustedCert Pointer to a trusted certificate from Signer's certificates.
|
||||
It's caller's responsibility to free the buffer.
|
||||
It's caller's responsibility to free the buffer with
|
||||
Pkcs7FreeSigners().
|
||||
@param[out] CertLength Length of the trusted certificate in bytes.
|
||||
|
||||
@retval TRUE The operation is finished successfully.
|
||||
|
@ -438,10 +440,11 @@ Pkcs7FreeSigners (
|
|||
@param[in] P7Data Pointer to the PKCS#7 message.
|
||||
@param[in] P7Length Length of the PKCS#7 message in bytes.
|
||||
@param[out] SignerChainCerts Pointer to the certificates list chained to signer's
|
||||
certificate. It's caller's responsibility to free the buffer.
|
||||
certificate. It's caller's responsibility to free the buffer
|
||||
with Pkcs7FreeSigners().
|
||||
@param[out] ChainLength Length of the chained certificates list buffer in bytes.
|
||||
@param[out] UnchainCerts Pointer to the unchained certificates lists. It's caller's
|
||||
responsibility to free the buffer.
|
||||
responsibility to free the buffer with Pkcs7FreeSigners().
|
||||
@param[out] UnchainLength Length of the unchained certificates list buffer in bytes.
|
||||
|
||||
@retval TRUE The operation is finished successfully.
|
||||
|
@ -921,7 +924,7 @@ _Exit:
|
|||
@param[in] P7Data Pointer to the PKCS#7 signed data to process.
|
||||
@param[in] P7Length Length of the PKCS#7 signed data in bytes.
|
||||
@param[out] Content Pointer to the extracted content from the PKCS#7 signedData.
|
||||
It's caller's responsibility to free the buffer.
|
||||
It's caller's responsibility to free the buffer with FreePool().
|
||||
@param[out] ContentSize The size of the extracted content in bytes.
|
||||
|
||||
@retval TRUE The P7Data was correctly formatted for processing.
|
||||
|
@ -996,7 +999,7 @@ Pkcs7GetAttachedContent (
|
|||
OctStr = Pkcs7->d.sign->contents->d.data;
|
||||
if ((OctStr->length > 0) && (OctStr->data != NULL)) {
|
||||
*ContentSize = OctStr->length;
|
||||
*Content = malloc (*ContentSize);
|
||||
*Content = AllocatePool (*ContentSize);
|
||||
if (*Content == NULL) {
|
||||
*ContentSize = 0;
|
||||
goto _Exit;
|
||||
|
|
|
@ -25,10 +25,12 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
|
|||
@param[in] P7Data Pointer to the PKCS#7 message to verify.
|
||||
@param[in] P7Length Length of the PKCS#7 message in bytes.
|
||||
@param[out] CertStack Pointer to Signer's certificates retrieved from P7Data.
|
||||
It's caller's responsibility to free the buffer.
|
||||
It's caller's responsibility to free the buffer with
|
||||
Pkcs7FreeSigners().
|
||||
@param[out] StackLength Length of signer's certificates in bytes.
|
||||
@param[out] TrustedCert Pointer to a trusted certificate from Signer's certificates.
|
||||
It's caller's responsibility to free the buffer.
|
||||
It's caller's responsibility to free the buffer with
|
||||
Pkcs7FreeSigners().
|
||||
@param[out] CertLength Length of the trusted certificate in bytes.
|
||||
|
||||
@retval FALSE This interface is not supported.
|
||||
|
@ -75,10 +77,11 @@ Pkcs7FreeSigners (
|
|||
@param[in] P7Data Pointer to the PKCS#7 message.
|
||||
@param[in] P7Length Length of the PKCS#7 message in bytes.
|
||||
@param[out] SignerChainCerts Pointer to the certificates list chained to signer's
|
||||
certificate. It's caller's responsibility to free the buffer.
|
||||
certificate. It's caller's responsibility to free the buffer
|
||||
with Pkcs7FreeSigners().
|
||||
@param[out] ChainLength Length of the chained certificates list buffer in bytes.
|
||||
@param[out] UnchainCerts Pointer to the unchained certificates lists. It's caller's
|
||||
responsibility to free the buffer.
|
||||
responsibility to free the buffer with Pkcs7FreeSigners().
|
||||
@param[out] UnchainLength Length of the unchained certificates list buffer in bytes.
|
||||
|
||||
@retval TRUE The operation is finished successfully.
|
||||
|
@ -142,7 +145,7 @@ Pkcs7Verify (
|
|||
@param[in] P7Data Pointer to the PKCS#7 signed data to process.
|
||||
@param[in] P7Length Length of the PKCS#7 signed data in bytes.
|
||||
@param[out] Content Pointer to the extracted content from the PKCS#7 signedData.
|
||||
It's caller's responsibility to free the buffer.
|
||||
It's caller's responsibility to free the buffer with FreePool().
|
||||
@param[out] ContentSize The size of the extracted content in bytes.
|
||||
|
||||
@retval TRUE The P7Data was correctly formatted for processing.
|
||||
|
|
Loading…
Reference in New Issue