Re: [edk2-devel] [PATCH 1/1] CryptoPkg: Fix bug for correct return value checking when get X509Cert

Wed, 15 May 2024 08:32:08 -0700 


Looks good to me.
Reviewed-by: Yi Li <yi1...@intel.com>

We are in Hard Freeze phase, will push it after freeze. Thanks.

-----Original Message-----
From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of Qingyu
Sent: Wednesday, May 15, 2024 8:58 PM
To: devel@edk2.groups.io
Cc: Shang, Qingyu <qingyu.sh...@intel.com>; Yao, Jiewen <jiewen....@intel.com>; 
Li, Yi1 <yi1...@intel.com>
Subject: [edk2-devel] [PATCH 1/1] CryptoPkg: Fix bug for correct return value 
checking when get X509Cert

From: Qingyu <qingyu.sh...@intel.com>

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4509

CryptX509.c file has X509GetTBSCert() funtion and it is added Inf variable to 
collect the return value of ASN1_get_object(), which return 0x80 in error case. 
Supplement the return value check during the second function call and correct 
the check logic.

Signed-off-by: Qingyu <qingyu.sh...@intel.com>
Cc: Jiewen Yao <jiewen....@intel.com>
Cc: Yi Li <yi1...@intel.com>
---
 CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c 
b/CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c
index 1182323b63ee..7ebec9dbad5b 100644
--- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c
+++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c
@@ -839,17 +839,17 @@ X509GetTBSCert (
   Length = 0;
   Inf    = ASN1_get_object (&Temp, (long *)&Length, (int *)&Asn1Tag, (int 
*)&ObjClass, (long)CertSize);
 
-  if (((Inf & 0x80) == 0x00) && (Asn1Tag != V_ASN1_SEQUENCE)) {
+  if (((Inf & 0x80) == 0x80) && (Asn1Tag != V_ASN1_SEQUENCE)) {
     return FALSE;
   }
 
   *TBSCert = (UINT8 *)Temp;
 
-  ASN1_get_object (&Temp, (long *)&Length, (int *)&Asn1Tag, (int *)&ObjClass, 
(long)Length);
+  Inf = ASN1_get_object (&Temp, (long *)&Length, (int *)&Asn1Tag, (int 
+ *)&ObjClass, (long)Length);
   //
   // Verify the parsed TBSCertificate is one correct SEQUENCE data.
   //
-  if (((Inf & 0x80) == 0x00) && (Asn1Tag != V_ASN1_SEQUENCE)) {
+  if (((Inf & 0x80) == 0x80) && (Asn1Tag != V_ASN1_SEQUENCE)) {
     return FALSE;
   }
 
--
2.44.0.windows.1








-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#118924): https://edk2.groups.io/g/devel/message/118924
Mute This Topic: https://groups.io/mt/106113214/21656
Group Owner: devel+ow...@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Reply via email to