tyler.durden
/
audk
mirror of https://github.com/acidanthera/audk.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

CryptoPkg: Fix BaseCryptLib CrtWrapper strcpy 

strcpy fails when strSource is closer than 4096 bytes after strDest.

This is caused by an overlap check in AsciiStrCpyS:
  //
  // 5. Copying shall not take place between objects that overlap.
  //
  SAFE_STRING_CONSTRAINT_CHECK (InternalSafeStringNoAsciiStrOverlap
  (Destination, DestMax, (CHAR8 *)Source, SourceLen + 1),
  RETURN_ACCESS_DENIED);

Since DestMax is MAX_STRING_SIZE (0x1000) and with a Source
that is in this area behind Destination, AsciiStrCpyS will fail
and strcpy will do nothing.

When called by CRYPTO_strdup in openssl this leads to uninitialzed
memory that gets accessed instead of the copied string.

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=2817

Signed-off-by: Sebastian Witt <sebastian.witt@siemens.com>
This commit is contained in:
Sebastian Witt 2024-06-04 13:10:13 +02:00 committed by mergify[bot]
parent 8c826be35c
commit df8c61e4c0
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
CryptoPkg/Library/BaseCryptLib/SysCall/CrtWrapper.c
View File

@ -271,7 +271,7 @@ strcpy (
const char *strSource
)
{
AsciiStrCpyS (strDest, MAX_STRING_SIZE, strSource);
AsciiStrCpyS (strDest, AsciiStrnSizeS (strSource, MAX_STRING_SIZE), strSource);
return strDest;
}