audk/CryptoPkg/Library/BaseCryptLib
Jian J Wang 26442d11e6 CryptoPkg/BaseCryptLib: fix NULL dereference (CVE-2019-14584)
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1914

AuthenticodeVerify() calls OpenSSLs d2i_PKCS7() API to parse asn encoded
signed authenticode pkcs#7 data. when this successfully returns, a type
check is done by calling PKCS7_type_is_signed() and then
Pkcs7->d.sign->contents->type is used. It is possible to construct an asn1
blob that successfully decodes and have d2i_PKCS7() return a valid pointer
and have PKCS7_type_is_signed() also return success  but have Pkcs7->d.sign
be a NULL pointer.

Looking at how PKCS7_verify() [inside of OpenSSL] implements checking for
pkcs7 structs it does the following:
- call PKCS7_type_is_signed()
- call PKCS7_get_detached()
Looking into how PKCS7_get_detatched() is implemented, it checks to see if
p7->d.sign is NULL or if p7->d.sign->contents->d.ptr is NULL.

As such, the fix is to do the same as OpenSSL after calling d2i_PKCS7().
- Add call to PKS7_get_detached() to existing error handling

Cc: Xiaoyu Lu <xiaoyux.lu@intel.com>
Cc: Guomin Jiang <guomin.jiang@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Signed-off-by: Jian J Wang <jian.j.wang@intel.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com>
2020-10-21 06:32:46 +00:00
..
Cipher CryptoPkg/BaseCryptLib: Retire Aes Ecb mode algorithm 2020-05-15 07:22:36 +00:00
Hash CryptoPkg/OpensslLib: Upgrade OpenSSL to 1.1.1g 2020-07-25 06:27:14 +00:00
Hmac CryptoPkg/BaseCryptLib: Retire HMAC SHA1 algorithm 2020-05-15 07:22:36 +00:00
Kdf CryptoPkg: Fix coding style 2019-08-19 08:45:29 +08:00
Pem CryptoPkg/BaseCryptLib: Retire the TDES algorithm 2020-05-15 07:22:36 +00:00
Pk CryptoPkg/BaseCryptLib: fix NULL dereference (CVE-2019-14584) 2020-10-21 06:32:46 +00:00
Rand CryptoPkg/BaseCryptLib: remove unused code for IPF 2019-05-17 13:13:41 +08:00
SysCall CryptoPkg: BaseCryptLib: Add unit tests (Host and Shell based) 2020-10-18 00:49:58 +00:00
BaseCryptLib.inf CryptoPkg/BaseCryptLib: Retire HMAC SHA1 algorithm 2020-05-15 07:22:36 +00:00
BaseCryptLib.uni CryptoPkg: Replace BSD License with BSD+Patent License 2019-04-09 09:10:22 -07:00
InternalCryptLib.h CryptoPkg: Replace BSD License with BSD+Patent License 2019-04-09 09:10:22 -07:00
PeiCryptLib.inf CryptoPkg/BaseCryptLib: add crypto algorithms needed by variable protection 2020-09-29 05:58:58 +00:00
PeiCryptLib.uni CryptoPkg/BaseCryptLib: Retire HMAC SHA1 algorithm 2020-05-15 07:22:36 +00:00
RuntimeCryptLib.inf CryptoPkg/BaseCryptLib: add crypto algorithms needed by variable protection 2020-09-29 05:58:58 +00:00
RuntimeCryptLib.uni CryptoPkg/BaseCryptLib: Retire HMAC SHA1 algorithm 2020-05-15 07:22:36 +00:00
SmmCryptLib.inf CryptoPkg/BaseCryptLib: Retire HMAC SHA1 algorithm 2020-05-15 07:22:36 +00:00
SmmCryptLib.uni CryptoPkg/BaseCryptLib: Retire HMAC SHA1 algorithm 2020-05-15 07:22:36 +00:00
UnitTestHostBaseCryptLib.inf CryptoPkg: BaseCryptLib: Add unit tests (Host and Shell based) 2020-10-18 00:49:58 +00:00