summaryrefslogtreecommitdiff
path: root/CryptoPkg/Library
diff options
context:
space:
mode:
authorsfu5 <sfu5@6f19259b-4bc3-4df7-8a09-765794883524>2012-10-17 08:17:33 +0000
committersfu5 <sfu5@6f19259b-4bc3-4df7-8a09-765794883524>2012-10-17 08:17:33 +0000
commite98e59c237e17f064a4ecffb39d45499f89720a1 (patch)
tree823f98b96a22c0ce1cd10ed8673de3189914926c /CryptoPkg/Library
parent24ee1ccaf8310dd4f0bf591de7b71175cad5c865 (diff)
downloadedk2-platforms-e98e59c237e17f064a4ecffb39d45499f89720a1.tar.xz
Fix a bug in OpensslLib that PKCS7_verify will use over 8k stack space.
Signed-off-by: Fu Siyuan <siyuan.fu@intel.com> Reviewed-by: Ye Ting <ting.ye@intel.com> Reviewed-by: Dong Guo <guo.dong@intel.com> git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13858 6f19259b-4bc3-4df7-8a09-765794883524
Diffstat (limited to 'CryptoPkg/Library')
-rw-r--r--CryptoPkg/Library/OpensslLib/EDKII_openssl-0.9.8w.patch39
1 files changed, 39 insertions, 0 deletions
diff --git a/CryptoPkg/Library/OpensslLib/EDKII_openssl-0.9.8w.patch b/CryptoPkg/Library/OpensslLib/EDKII_openssl-0.9.8w.patch
index daeb36079d..a2ba8aeb43 100644
--- a/CryptoPkg/Library/OpensslLib/EDKII_openssl-0.9.8w.patch
+++ b/CryptoPkg/Library/OpensslLib/EDKII_openssl-0.9.8w.patch
@@ -182,6 +182,45 @@ Index: crypto/pkcs7/pk7_smime.c
PKCS7err(PKCS7_F_PKCS7_SIGN,PKCS7_R_PKCS7_ADD_SIGNATURE_ERROR);
goto err;
}
+@@ -173,7 +176,8 @@
+ STACK_OF(PKCS7_SIGNER_INFO) *sinfos;
+ PKCS7_SIGNER_INFO *si;
+ X509_STORE_CTX cert_ctx;
+- char buf[4096];
++ char *buf = NULL;
++ int bufsiz;
+ int i, j=0, k, ret = 0;
+ BIO *p7bio;
+ BIO *tmpin, *tmpout;
+@@ -284,10 +288,16 @@
+ BIO_set_mem_eof_return(tmpout, 0);
+ } else tmpout = out;
+
++ bufsiz = 4096;
++ buf = OPENSSL_malloc (bufsiz);
++ if (buf == NULL) {
++ goto err;
++ }
++
+ /* We now have to 'read' from p7bio to calculate digests etc. */
+ for (;;)
+ {
+- i=BIO_read(p7bio,buf,sizeof(buf));
++ i=BIO_read(p7bio,buf,bufsiz);
+ if (i <= 0) break;
+ if (tmpout) BIO_write(tmpout, buf, i);
+ }
+@@ -326,6 +336,10 @@
+
+ sk_X509_free(signers);
+
++ if (buf != NULL) {
++ OPENSSL_free (buf);
++ }
++
+ return ret;
+ }
+
Index: crypto/rand/rand_egd.c
===================================================================
--- crypto/rand/rand_egd.c (revision 1)