diff options
| author | Long Qin <qin.long@intel.com> | 2017-11-01 16:10:04 +0800 |
|---|---|---|
| committer | Peter Jones <pjones@redhat.com> | 2023-01-27 14:15:14 -0500 |
| commit | 89972ae25c133df31290f394413c19ea903219ad (patch) | |
| tree | 8ad41eac79c3198126cd429c78983dbc27b58bbc /Cryptlib/Cryptlib.diff | |
| parent | 7c7642530fab73facaf3eac233cfbce29e10b0ef (diff) | |
| download | efi-boot-shim-89972ae25c133df31290f394413c19ea903219ad.tar.gz efi-boot-shim-89972ae25c133df31290f394413c19ea903219ad.zip | |
CryptoPkg/BaseCryptLib: Fix buffer overflow issue in realloc wrapper
There is one long-standing problem in CRT realloc wrapper, which will
cause the obvious buffer overflow issue when re-allocating one bigger
memory block:
void *realloc (void *ptr, size_t size)
{
//
// BUG: hardcode OldSize == size! We have no any knowledge about
// memory size of original pointer ptr.
//
return ReallocatePool ((UINTN) size, (UINTN) size, ptr);
}
This patch introduces one extra header to record the memory buffer size
information when allocating memory block from malloc routine, and re-wrap
the realloc() and free() routines to remove this BUG.
Cc: Laszlo Ersek <lersek@redhat.com>
Cc: Ting Ye <ting.ye@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Qin Long <qin.long@intel.com>
Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
Validated-by: Jian J Wang <jian.j.wang@intel.com>
Cherry picked from https://github.com/tianocore/edk2.git, commit
cf8197a39d07179027455421a182598bd6989999. Changes:
* `SIGNATURE_32` -> `EFI_SIGNATURE_32`
* Added definition of `MIN`
Fixes https://github.com/rhboot/shim/issues/538
Signed-off-by: Nicholas Bishop <nicholasbishop@google.com>
Diffstat (limited to 'Cryptlib/Cryptlib.diff')
0 files changed, 0 insertions, 0 deletions