tyler.durden
/
audk
mirror of https://github.com/acidanthera/audk.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

MdeModulePkg/DisplayEngine: Zero memory before free (CVE-2019-14558) 

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1611

Cc: Liming Gao <liming.gao@intel.com>
Cc: Eric Dong <eric.dong@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Signed-off-by: Dandan Bi <dandan.bi@intel.com>
Reviewed-by: Eric Dong <eric.dong@intel.com>
Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
This commit is contained in:
Dandan Bi 2019-05-06 16:43:34 +08:00 committed by mergify[bot]
parent 764e8ba138
commit f1d78c489a
1 changed files with 6 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
MdeModulePkg/Universal/DisplayEngineDxe/ProcessOptions.c
View File

@ -2,7 +2,7 @@
Implementation for handling the User Interface option processing. Implementation for handling the User Interface option processing.
Copyright (c) 2004 - 2018, Intel Corporation. All rights reserved.<BR> Copyright (c) 2004 - 2020, Intel Corporation. All rights reserved.<BR>
SPDX-License-Identifier: BSD-2-Clause-Patent SPDX-License-Identifier: BSD-2-Clause-Patent
**/ **/
@ -823,6 +823,7 @@ PasswordProcess (
// //
Status = ReadString (MenuOption, gPromptForPassword, StringPtr); Status = ReadString (MenuOption, gPromptForPassword, StringPtr);
if (EFI_ERROR (Status)) { if (EFI_ERROR (Status)) {
ZeroMem (StringPtr, (Maximum + 1) * sizeof (CHAR16));
FreePool (StringPtr); FreePool (StringPtr);
return Status; return Status;
} }
@ -840,7 +841,7 @@ PasswordProcess (
} else { } else {
Status = EFI_SUCCESS; Status = EFI_SUCCESS;
} }
ZeroMem (StringPtr, (Maximum + 1) * sizeof (CHAR16));
FreePool (StringPtr); FreePool (StringPtr);
return Status; return Status;
} }
@ -856,6 +857,7 @@ PasswordProcess (
// Reset state machine for password // Reset state machine for password
// //
Question->PasswordCheck (gFormData, Question, NULL); Question->PasswordCheck (gFormData, Question, NULL);
ZeroMem (StringPtr, (Maximum + 1) * sizeof (CHAR16));
FreePool (StringPtr); FreePool (StringPtr);
return Status; return Status;
} }
@ -871,6 +873,8 @@ PasswordProcess (
// Reset state machine for password // Reset state machine for password
// //
Question->PasswordCheck (gFormData, Question, NULL); Question->PasswordCheck (gFormData, Question, NULL);
ZeroMem (StringPtr, (Maximum + 1) * sizeof (CHAR16));
ZeroMem (TempString, (Maximum + 1) * sizeof (CHAR16));
FreePool (StringPtr); FreePool (StringPtr);
FreePool (TempString); FreePool (TempString);
return Status; return Status;