首页 开源 资讯 活动 开源许可证
软件工程云服务
软件代码质量检测云服务 持续集成与部署云服务 社区个性化内容推荐服务 贡献审阅人推荐服务 群体化学习服务 重睛鸟代码扫描工具
Watch 1 Star 0 Fork 54

jdx_openEuler_src/edk2

forked from src-openEuler/edk2 
代码 Issues 0 Pull Requests 0 Wiki 0 统计
加入 Gitee
与超过 1200万 开发者一起发现、参与优秀开源项目,私有仓库也完全免费 :)
免费加入
文件
该仓库未声明开源许可证文件(LICENSE),使用请关注具体项目描述及其代码上游依赖。
项目仓库所选许可证以仓库主分支所使用许可证为准
克隆/下载
0010-Add-NULL-checks-where-ContentInfo-data-can-be-NULL.patch 4.90 KB
一键复制 编辑 原始数据 按行查看 历史
YeXiao 提交于 2024-01-26 10:32 . Fix some CVE
123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123
From 6b5fa79607808b28830ac267253dfbf6ed9c463c Mon Sep 17 00:00:00 2001

From: liwei <liwei3013@126.com>

Date: Fri, 26 Jan 2024 18:45:28 +0800

Subject: [PATCH] Add NULL checks where ContentInfo data can be NULL



PKCS12 structures contain PKCS7 ContentInfo fields. These fields are

optional and can be NULL even if the "type" is a valid value. OpenSSL

was not properly accounting for this and a NULL dereference can occur

causing a crash.



CVE-2024-0727



Reviewed-by: Tomas Mraz <tomas@openssl.org>

Reviewed-by: Hugo Landau <hlandau@openssl.org>

Reviewed-by: Neil Horman <nhorman@openssl.org>



reference: https://github.com/openssl/openssl/commit/09df4395b5071217b76dc7d3d2e630eb8c5a79c2

Signed-off-by: yexiao <yexiao7@huawei.com>

---

 .../OpensslLib/openssl/crypto/pkcs12/p12_add.c | 18 ++++++++++++++++++

 .../openssl/crypto/pkcs12/p12_mutl.c           |  5 +++++

 .../openssl/crypto/pkcs12/p12_npas.c           |  5 +++--

 .../OpensslLib/openssl/crypto/pkcs7/pk7_mime.c |  7 +++++--

 4 files changed, 31 insertions(+), 4 deletions(-)



diff --git a/CryptoPkg/Library/OpensslLib/openssl/crypto/pkcs12/p12_add.c b/CryptoPkg/Library/OpensslLib/openssl/crypto/pkcs12/p12_add.c

index 6fd4184a..80ce31b3 100644

--- a/CryptoPkg/Library/OpensslLib/openssl/crypto/pkcs12/p12_add.c

+++ b/CryptoPkg/Library/OpensslLib/openssl/crypto/pkcs12/p12_add.c

@@ -78,6 +78,12 @@ STACK_OF(PKCS12_SAFEBAG) *PKCS12_unpack_p7data(PKCS7 *p7)

         ERR_raise(ERR_LIB_PKCS12, PKCS12_R_CONTENT_TYPE_NOT_DATA);

         return NULL;

     }

+

+    if (p7->d.data == NULL) {

+        ERR_raise(ERR_LIB_PKCS12, PKCS12_R_DECODE_ERROR);

+        return NULL;

+    }

+

     return ASN1_item_unpack(p7->d.data, ASN1_ITEM_rptr(PKCS12_SAFEBAGS));

 }

 

@@ -150,6 +156,12 @@ STACK_OF(PKCS12_SAFEBAG) *PKCS12_unpack_p7encdata(PKCS7 *p7, const char *pass,

 {

     if (!PKCS7_type_is_encrypted(p7))

         return NULL;

+

+    if (p7->d.encrypted == NULL) {

+        ERR_raise(ERR_LIB_PKCS12, PKCS12_R_DECODE_ERROR);

+        return NULL;

+    }

+

     return PKCS12_item_decrypt_d2i_ex(p7->d.encrypted->enc_data->algorithm,

                                    ASN1_ITEM_rptr(PKCS12_SAFEBAGS),

                                    pass, passlen,

@@ -188,6 +200,12 @@ STACK_OF(PKCS7) *PKCS12_unpack_authsafes(const PKCS12 *p12)

         ERR_raise(ERR_LIB_PKCS12, PKCS12_R_CONTENT_TYPE_NOT_DATA);

         return NULL;

     }

+

+    if (p12->authsafes->d.data == NULL) {

+        ERR_raise(ERR_LIB_PKCS12, PKCS12_R_DECODE_ERROR);

+        return NULL;

+    }

+

     p7s = ASN1_item_unpack(p12->authsafes->d.data,

                            ASN1_ITEM_rptr(PKCS12_AUTHSAFES));

     if (p7s != NULL) {

diff --git a/CryptoPkg/Library/OpensslLib/openssl/crypto/pkcs12/p12_mutl.c b/CryptoPkg/Library/OpensslLib/openssl/crypto/pkcs12/p12_mutl.c

index afdb8d68..67be81eb 100644

--- a/CryptoPkg/Library/OpensslLib/openssl/crypto/pkcs12/p12_mutl.c

+++ b/CryptoPkg/Library/OpensslLib/openssl/crypto/pkcs12/p12_mutl.c

@@ -98,6 +98,11 @@ static int pkcs12_gen_mac(PKCS12 *p12, const char *pass, int passlen,

         return 0;

     }

 

+    if (p12->authsafes->d.data == NULL) {

+        ERR_raise(ERR_LIB_PKCS12, PKCS12_R_DECODE_ERROR);

+        return 0;

+    }

+

     salt = p12->mac->salt->data;

     saltlen = p12->mac->salt->length;

     if (p12->mac->iter == NULL)

diff --git a/CryptoPkg/Library/OpensslLib/openssl/crypto/pkcs12/p12_npas.c b/CryptoPkg/Library/OpensslLib/openssl/crypto/pkcs12/p12_npas.c

index 62230bc6..1e5b5495 100644

--- a/CryptoPkg/Library/OpensslLib/openssl/crypto/pkcs12/p12_npas.c

+++ b/CryptoPkg/Library/OpensslLib/openssl/crypto/pkcs12/p12_npas.c

@@ -77,8 +77,9 @@ static int newpass_p12(PKCS12 *p12, const char *oldpass, const char *newpass)

             bags = PKCS12_unpack_p7data(p7);

         } else if (bagnid == NID_pkcs7_encrypted) {

             bags = PKCS12_unpack_p7encdata(p7, oldpass, -1);

-            if (!alg_get(p7->d.encrypted->enc_data->algorithm,

-                         &pbe_nid, &pbe_iter, &pbe_saltlen))

+            if (p7->d.encrypted == NULL

+                    || !alg_get(p7->d.encrypted->enc_data->algorithm,

+                                &pbe_nid, &pbe_iter, &pbe_saltlen))

                 goto err;

         } else {

             continue;

diff --git a/CryptoPkg/Library/OpensslLib/openssl/crypto/pkcs7/pk7_mime.c b/CryptoPkg/Library/OpensslLib/openssl/crypto/pkcs7/pk7_mime.c

index 49a0da5f..8228315e 100644

--- a/CryptoPkg/Library/OpensslLib/openssl/crypto/pkcs7/pk7_mime.c

+++ b/CryptoPkg/Library/OpensslLib/openssl/crypto/pkcs7/pk7_mime.c

@@ -33,10 +33,13 @@ int SMIME_write_PKCS7(BIO *bio, PKCS7 *p7, BIO *data, int flags)

     int ctype_nid = OBJ_obj2nid(p7->type);

     const PKCS7_CTX *ctx = ossl_pkcs7_get0_ctx(p7);

 

-    if (ctype_nid == NID_pkcs7_signed)

+    if (ctype_nid == NID_pkcs7_signed) {

+        if (p7->d.sign == NULL)

+            return 0;

         mdalgs = p7->d.sign->md_algs;

-    else

+    } else {

         mdalgs = NULL;

+    }

 

     flags ^= SMIME_OLDMIME;

 

-- 

2.33.0
马建仓 AI 助手
尝试更多
代码解读
代码找茬
代码优化