CryptoPkg: Fix conditionally uninitialized variable

Fixes CodeQL alerts for CWE-457: https://cwe.mitre.org/data/definitions/457.html Checks the return value from `ASN1_get_object()` to verify values set by the function are valid. Note that the function returns literal `0x80`: `return (0x80);` That is used to check the return value is as the case in other areas of the code. Cc: Erich McMillan <emcmillan@microsoft.com> Cc: Guomin Jiang <guomin.jiang@intel.com> Cc: Jian J Wang <jian.j.wang@intel.com> Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Michael Kubacki <mikuback@linux.microsoft.com> Cc: Xiaoyu Lu <xiaoyu1.lu@intel.com> Co-authored-by: Erich McMillan <emcmillan@microsoft.com> Signed-off-by: Michael Kubacki <michael.kubacki@microsoft.com> Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com> Reviewed-by: Oliver Smith-Denny <osd@smith-denny.com>
2022-11-08 15:15:31 -05:00 · 2022-11-08 15:15:31 -05:00 · 84d77d9bf5
parent dbe820d5fa
commit 84d77d9bf5
1 changed files with 12 additions and 9 deletions
--- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c
+++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c
@ -807,6 +807,7 @@ X509GetTBSCert (
  UINT32       Asn1Tag;
  UINT32       ObjClass;
  UINTN        Length;
+  UINTN        Inf;

  //
  // Check input parameters.
@ -836,9 +837,9 @@ X509GetTBSCert (
  //
  Temp   = Cert;
  Length = 0;
-  ASN1_get_object (&Temp, (long *)&Length, (int *)&Asn1Tag, (int *)&ObjClass, (long)CertSize);
+  Inf    = ASN1_get_object (&Temp, (long *)&Length, (int *)&Asn1Tag, (int *)&ObjClass, (long)CertSize);

-  if (Asn1Tag != V_ASN1_SEQUENCE) {
+  if (((Inf & 0x80) == 0x00) && (Asn1Tag != V_ASN1_SEQUENCE)) {
    return FALSE;
  }

@ -848,7 +849,7 @@ X509GetTBSCert (
  //
  // Verify the parsed TBSCertificate is one correct SEQUENCE data.
  //
-  if (Asn1Tag != V_ASN1_SEQUENCE) {
+  if (((Inf & 0x80) == 0x00) && (Asn1Tag != V_ASN1_SEQUENCE)) {
    return FALSE;
  }

@ -1888,18 +1889,20 @@ Asn1GetTag (
  IN     UINT32   Tag
  )
 {
-  UINT8  *PtrOld;
-  INT32  ObjTag;
-  INT32  ObjCls;
-  long   ObjLength;
+  UINT8   *PtrOld;
+  INT32   ObjTag;
+  INT32   ObjCls;
+  long    ObjLength;
+  UINT32  Inf;

  //
  // Save Ptr position
  //
  PtrOld = *Ptr;

-  ASN1_get_object ((CONST UINT8 **)Ptr, &ObjLength, &ObjTag, &ObjCls, (INT32)(End - (*Ptr)));
-  if ((ObjTag == (INT32)(Tag & CRYPTO_ASN1_TAG_VALUE_MASK)) &&
+  Inf = ASN1_get_object ((CONST UINT8 **)Ptr, &ObjLength, &ObjTag, &ObjCls, (INT32)(End - (*Ptr)));
+  if (((Inf & 0x80) == 0x00) &&
+      (ObjTag == (INT32)(Tag & CRYPTO_ASN1_TAG_VALUE_MASK)) &&
      (ObjCls == (INT32)(Tag & CRYPTO_ASN1_TAG_CLASS_MASK)))
  {
    *Length = (UINTN)ObjLength;