diff options
| author | Yi Li <yi1.li@intel.com> | 2022-09-26 08:24:33 +0800 |
|---|---|---|
| committer | mergify[bot] <37929162+mergify[bot]@users.noreply.github.com> | 2022-09-26 01:39:52 +0000 |
| commit | 0e7aa6bf9e0a7a91136353a3d6fe6a90d2047fc0 (patch) | |
| tree | daab81b854da53f9521bae7b9fd46c297a3d10d2 /CryptoPkg | |
| parent | 582a7c9995a8fd036a3583ba485467f5a0316cca (diff) | |
| download | edk2-0e7aa6bf9e0a7a91136353a3d6fe6a90d2047fc0.tar.gz | |
CryptoPkg: Fix pem heap-buffer-overflow due to BIO_snprintf()
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4075
Fake BIO_snprintf() does not actually print anything to buf,
it should return -1 as error.
0 will be considered a correct return value, the consumer may think that
the buf is valid and parse the buffer.
please refer to bugzilla link for details.
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Xiaoyu Lu <xiaoyu1.lu@intel.com>
Cc: Guomin Jiang <guomin.jiang@intel.com>
Signed-off-by: Yi Li <yi1.li@intel.com>
Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com>
Diffstat (limited to 'CryptoPkg')
| -rw-r--r-- | CryptoPkg/Library/BaseCryptLib/SysCall/CrtWrapper.c | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/CryptoPkg/Library/BaseCryptLib/SysCall/CrtWrapper.c b/CryptoPkg/Library/BaseCryptLib/SysCall/CrtWrapper.c index c1fc33538f..b65d29485b 100644 --- a/CryptoPkg/Library/BaseCryptLib/SysCall/CrtWrapper.c +++ b/CryptoPkg/Library/BaseCryptLib/SysCall/CrtWrapper.c @@ -494,7 +494,9 @@ BIO_snprintf ( ...
)
{
- return 0;
+ // Because the function does not actually print anything to buf, it returns -1 as error.
+ // Otherwise, the consumer may think that the buf is valid and parse the buffer.
+ return -1;
}
#ifdef __GNUC__
|