BaseCryptLib: Fix possible uninitialized use

Yao, Jiewen Fri, 14 May 2021 17:31:07 -0700

Hi Sergei
Thank you very much for the fix.
Reviewed-by: Jiewen Yao <jiewen....@intel.com>


I am a little surprised why it is not caught before. It is an obvious logic 
issue.

Do you think we can do anything on CI, to catch it during pre-check-in in the 
future?
I just feel it is burden to make it post-check-in fix.


Thank you
Yao Jiewen

> -----Original Message-----
> From: Sergei Dmitrouk <ser...@posteo.net>
> Sent: Friday, May 14, 2021 8:17 PM
> To: devel@edk2.groups.io
> Cc: Yao, Jiewen <jiewen....@intel.com>; Wang, Jian J <jian.j.w...@intel.com>;
> Lu, XiaoyuX <xiaoyux...@intel.com>; Jiang, Guomin <guomin.ji...@intel.com>
> Subject: [PATCH v1 3/3] CryptoPkg/BaseCryptLib: Fix possible uninitialized use
> 
> `Result` can be used uninitialized in both functions after following
> either first or second `goto` statement.
> 
> Cc: Jiewen Yao <jiewen....@intel.com>
> Cc: Jian J Wang <jian.j.w...@intel.com>
> Cc: Xiaoyu Lu <xiaoyux...@intel.com>
> Cc: Guomin Jiang <guomin.ji...@intel.com>
> Signed-off-by: Sergei Dmitrouk <ser...@posteo.net>
> ---
>  CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaPss.c     | 1 +
>  CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaPssSign.c | 1 +
>  2 files changed, 2 insertions(+)
> 
> diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaPss.c
> b/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaPss.c
> index 4009d37d5f91..0b2960f06c4c 100644
> --- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaPss.c
> +++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaPss.c
> @@ -82,6 +82,7 @@ RsaPssVerify (
>    EVP_PKEY_CTX *KeyCtx;
>    CONST EVP_MD  *HashAlg;
> 
> +  Result = FALSE;
>    EvpRsaKey = NULL;
>    EvpVerifyCtx = NULL;
>    KeyCtx = NULL;
> diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaPssSign.c
> b/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaPssSign.c
> index b66b6f7296ad..ece765f9ae0a 100644
> --- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaPssSign.c
> +++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaPssSign.c
> @@ -97,6 +97,7 @@ RsaPssSign (
>    EVP_PKEY_CTX          *KeyCtx;
>    CONST EVP_MD          *HashAlg;
> 
> +  Result = FALSE;
>    EvpRsaKey = NULL;
>    EvpVerifyCtx = NULL;
>    KeyCtx = NULL;
> --
> 2.17.6



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#75135): https://edk2.groups.io/g/devel/message/75135
Mute This Topic: https://groups.io/mt/82822574/21656
Group Owner: devel+ow...@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [edk2-devel] [PATCH v1 3/3] CryptoPkg/BaseCryptLib: Fix possible uninitialized use

Reply via email to