author | Laszlo Ersek <lersek@redhat.com> | 2019-10-24 16:44:08 +0200 |
---|---|---|
committer | Laszlo Ersek <lersek@redhat.com> | 2019-11-02 12:07:25 +0100 |
commit | eb520d94dba7369d1886cd5522d5a2c36fb02209 (patch) | |
tree | fc9fd0b12be0d626ca4951ae8d4ce380a7a9c597 /CryptoPkg | |
parent | 2ca74e1a175232cc201798e27437700adc7fb07e (diff) | |
download | edk2-eb520d94dba7369d1886cd5522d5a2c36fb02209.tar.gz |
CryptoPkg/Crt: turn strchr() into a function (CVE-2019-14553)
According to the ISO C standard, strchr() is a function. We #define it as
a macro. Unfortunately, our macro evaluates the first argument ("str")
twice. If the expression passed for "str" has side effects, the behavior
may be undefined.
In a later patch in this series, we're going to resurrect "inet_pton.c"
(originally from the StdLib package), which calls strchr() just like that:
strchr((xdigits = xdigits_l), ch)
strchr((xdigits = xdigits_u), ch)
To enable this kind of function call, turn strchr() into a function.
Cc: David Woodhouse <dwmw2@infradead.org>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Jiaxin Wu <jiaxin.wu@intel.com>
Cc: Sivaraman Nainar <sivaramann@amiindia.co.in>
Cc: Xiaoyu Lu <xiaoyux.lu@intel.com>
Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=960
CVE: CVE-2019-14553
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Philippe Mathieu-Daude <philmd@redhat.com>
Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
Reviewed-by: Jiaxin Wu <jiaxin.wu@intel.com>
Diffstat (limited to 'CryptoPkg')
-rw-r--r-- | CryptoPkg/Library/BaseCryptLib/SysCall/CrtWrapper.c | 5 | ||||
-rw-r--r-- | CryptoPkg/Library/Include/CrtLibSupport.h | 2 |
2 files changed, 6 insertions, 1 deletions
diff --git a/CryptoPkg/Library/BaseCryptLib/SysCall/CrtWrapper.c b/CryptoPkg/Library/BaseCryptLib/SysCall/CrtWrapper.c
index 71a2ef34ed..42235ab96a 100644
--- a/CryptoPkg/Library/BaseCryptLib/SysCall/CrtWrapper.c
+++ b/CryptoPkg/Library/BaseCryptLib/SysCall/CrtWrapper.c
@@ -115,6 +115,11 @@ QuickSortWorker (
// -- String Manipulation Routines --
//
+char *strchr(const char *str, int ch)
+{
+ return ScanMem8 (str, AsciiStrSize (str), (UINT8)ch);
+}
+
/* Scan a string for the last occurrence of a character */
char *strrchr (const char *str, int c)
{
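Review bot: The new `strchr()` has no comment, while `strrchr` directly below it carries one, and its name is written `strchr(` without the space before the parenthesis that `strrchr (` uses. I would add `/* Scan a string for the first occurrence of a character; the terminating NUL is searched too, since AsciiStrSize() counts it */` above it and write the signature as `char *strchr (const char *str, int ch)`. The comment matters because the length passed to ScanMem8() comes entirely from AsciiStrSize(str), so the function depends on `str` being NUL-terminated; how AsciiStrSize() treats a NULL or over-long string is not visible in this hunk and presumably rests on the base library's own checks. The body of strrchr continues outside the hunk.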
diff --git a/CryptoPkg/Library/Include/CrtLibSupport.h b/CryptoPkg/Library/Include/CrtLibSupport.h
index 5806f50f74..b90da20ff7 100644
--- a/CryptoPkg/Library/Include/CrtLibSupport.h
+++ b/CryptoPkg/Library/Include/CrtLibSupport.h
@@ -147,6 +147,7 @@ int isupper (int);
int tolower (int);
int strcmp (const char *, const char *);
int strncasecmp (const char *, const char *, size_t);
+char *strchr (const char *, int);
char *strrchr (const char *, int);
unsigned long strtoul (const char *, char **, int);
long strtol (const char *, char **, int);
@@ -188,7 +189,6 @@ void abort (void);
#define strcpy(strDest,strSource) AsciiStrCpyS(strDest,MAX_STRING_SIZE,strSource)
#define strncpy(strDest,strSource,count) AsciiStrnCpyS(strDest,MAX_STRING_SIZE,strSource,(UINTN)count)
#define strcat(strDest,strSource) AsciiStrCatS(strDest,MAX_STRING_SIZE,strSource)
-#define strchr(str,ch) ScanMem8((VOID *)(str),AsciiStrSize(str),(UINT8)ch)
#define strncmp(string1,string2,count) (int)(AsciiStrnCmp(string1,string2,(UINTN)(count)))
#define strcasecmp(str1,str2) (int)AsciiStriCmp(str1,str2)
#define sprintf(buf,...) AsciiSPrint(buf,MAX_STRING_SIZE,__VA_ARGS__)