packages/edk2
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

!108 fix CVE-2022-4450

Browse Source 
From: @shaodenghui 
Reviewed-by: @yezengruan 
Signed-off-by: @yezengruan
This commit is contained in:
openeuler-ci-bot 2023-02-26 03:54:28 +00:00 committed by Gitee
commit 1dc178b366
No known key found for this signature in database
GPG Key ID: 173E9B9CA92EEF8F
2 changed files with 48 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

43
0038-PATCH-Avoid-dangling-ptrs-in-header-and-data-params-.patch Normal file
View File

@ -0,0 +1,43 @@
From a114dc3c9af48a8f8ed22e738944a9c3e830a088 Mon Sep 17 00:00:00 2001
From: Shao Denghui <shaodenghui@huawei.com>
Date: Mon, 20 Feb 2023 21:59:31 +0800
Subject: [PATCH] [PATCH] Avoid dangling ptrs in header and data params for
PEM_read_bio_ex In the event of a failure in PEM_read_bio_ex() we free the
buffers we allocated for the header and data buffers. However we were not
clearing the ptrs stored in *header and *data. Since, on success, the caller
is responsible for freeing these ptrs this can potentially lead to a double
free if the caller frees them even on failure.
Thanks to Dawei Wang for reporting this issue.
Based on a proposed patch by Kurt Roeckx.
CVE-2022-4450
Reference: https://github.com/openssl/openssl/commit/ee6243f3947107d655f6dee96f63861561a5aaeb
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Signed-off-by: Shao Denghui <shaodenghui@huawei.com>
---
CryptoPkg/Library/OpensslLib/openssl/crypto/pem/pem_lib.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/CryptoPkg/Library/OpensslLib/openssl/crypto/pem/pem_lib.c b/CryptoPkg/Library/OpensslLib/openssl/crypto/pem/pem_lib.c
index 64baf71..6c7c4fe 100644
--- a/CryptoPkg/Library/OpensslLib/openssl/crypto/pem/pem_lib.c
+++ b/CryptoPkg/Library/OpensslLib/openssl/crypto/pem/pem_lib.c
@@ -940,7 +940,9 @@ int PEM_read_bio_ex(BIO *bp, char **name_out, char **header,
*data = pem_malloc(len, flags);
if (*header == NULL || *data == NULL) {
pem_free(*header, flags, 0);
+ *header = NULL;
pem_free(*data, flags, 0);
+ *data = NULL;
goto end;
}
BIO_read(headerB, *header, headerlen);
--
2.27.0

6
edk2.spec
View File

@ -5,7 +5,7 @@
Name: edk2 Name: edk2
Version: %{stable_date} Version: %{stable_date}
Release: 11 Release: 12
Summary: EFI Development Kit II Summary: EFI Development Kit II
License: BSD-2-Clause-Patent License: BSD-2-Clause-Patent
URL: https://github.com/tianocore/edk2 URL: https://github.com/tianocore/edk2
@ -51,6 +51,7 @@ Patch0036: 0034-UefiCpuPkg-CpuMpPei-Enable-paging-and-set-NP-flag-to.patch
Patch0037: 0035-SecurityPkg-TcgPei-Use-Migrated-FV-Info-Hob-for-calc.patch Patch0037: 0035-SecurityPkg-TcgPei-Use-Migrated-FV-Info-Hob-for-calc.patch
Patch0038: 0036-UefiCpuPkg-Move-MigrateGdt-from-DiscoverMemory-to-Te.patch Patch0038: 0036-UefiCpuPkg-Move-MigrateGdt-from-DiscoverMemory-to-Te.patch
Patch0039: 0037-MdeModulePkg-PiSmmCore-SmmEntryPoint-underflow-CVE-2.patch Patch0039: 0037-MdeModulePkg-PiSmmCore-SmmEntryPoint-underflow-CVE-2.patch
Patch0040: 0038-PATCH-Avoid-dangling-ptrs-in-header-and-data-params-.patch
BuildRequires: acpica-tools gcc gcc-c++ libuuid-devel python3 bc nasm python2 BuildRequires: acpica-tools gcc gcc-c++ libuuid-devel python3 bc nasm python2
@ -246,6 +247,9 @@ chmod +x %{buildroot}%{_bindir}/Rsa2048Sha256GenerateKeys
%endif %endif
%changelog %changelog
* Sun Feb 26 2023 shaodenghui<shaodenghui@huawei.com> - 202002-12
- fix CVE-2022-4450
* Tue Nov 29 2022 chenhuiying<chenhuiying4@huawei.com> - 202002-11 * Tue Nov 29 2022 chenhuiying<chenhuiying4@huawei.com> - 202002-11
- fix CVE-2021-38578 - fix CVE-2021-38578