tyler.durden
/
audk
mirror of https://github.com/acidanthera/audk.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
audk/CryptoPkg/Library
History
Long Qin 269f3b5180 CryptoPkg/BaseCryptLib: Fix potential integer overflow issue. 
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1275

The LookupFreeMemRegion() in RuntimeMemAllocate.c is used to look-up
free memory region for runtime resource allocation, which was designed
to support runtime authenticated variable service.
The ReqPages in this function is the required pages to be allocated,
which depends on the malloc() call in internal OpenSSL routines. The
direct offset subtractions on ReqPages may bring possible integer
overflow issue.

This patch is to add the extra parameter checks to remove this possible
overflow risk.

Cc: Ye Ting <ting.ye@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Long Qin <qin.long@intel.com>
Reviewed-by: Ye Ting <ting.ye@intel.com>
 		2018-10-31 11:07:53 +08:00
..
BaseCryptLib CryptoPkg/BaseCryptLib: Fix potential integer overflow issue. 2018-10-31 11:07:53 +08:00
Include CryptoPkg/CrtLibSupport: add secure_getenv() stub function 2018-05-08 13:29:06 +02:00
IntrinsicLib CryptoPkg: Removing ipf which is no longer supported from edk2. 2018-09-25 23:40:41 +08:00
OpensslLib CryptoPkg: Removing ipf which is no longer supported from edk2. 2018-09-25 23:40:41 +08:00
TlsLib CryptoPkg: Removing ipf which is no longer supported from edk2. 2018-09-25 23:40:41 +08:00