REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4509
ASN1_get_object() returns (0x80) in error case and it is compared with (0x00). If ASN1_get_object() returns 0x80 it should return FALSE, but here it is compared with (0x00) and if it returns 0x80 it is coming out of the condition and makes the function TRUE. Cc: Sountharya N <sounthar...@ami.com> Cc: Prarthana Sagar V <prarthan...@ami.com> Cc: Gayathri Thunuguntla <gayath...@ami.com> Cc: Srinivasan Mani <srinivas...@ami.com> Cc: Yi Li <yi1...@intel.com> Signed-off-by: Sountharya N <sounthar...@ami.com> --- ...e-check-ASN1_get_object-return-value.patch | 47 +++++++++++++++++++ 1 file changed, 47 insertions(+) create mode 100644 0001-Add-variable-check-ASN1_get_object-return-value.patch diff --git a/0001-Add-variable-check-ASN1_get_object-return-value.patch b/0001-Add-variable-check-ASN1_get_object-return-value.patch new file mode 100644 index 0000000000..3bd7f69ab2 --- /dev/null +++ b/0001-Add-variable-check-ASN1_get_object-return-value.patch 
@@ -0,0 +1,47 @@ +grom 4bffb95cc9f16f1ee25155b0dde9e7dc7288134a Mon Sep 17 00:00:00 2001 +From: Sountharya N <sounthar...@ami.com> +Date: Fri, 17 May 2024 15:30:51 +0530 +Subject: [PATCH] Add variable&check ASN1_get_object() return value +To: sounthar...@ami.com + +REF: "https://bugzilla.tianocore.org/show_bug.cgi?id=4509" + +ASN1_get_object() returns (0x80) in error case and it is compared with (0x00). If ASN1_get_object() returns 0x80 it should returns FALSE, but here it is compared with (0x00) and if it returns 0x80 it is coming out of the condition and makes the function TRUE. + +Cc: Sountharya N <sounthar...@ami.com> + +Cc: Shenba <shenbagade...@ami.com> + +Signed-off-by: Sountharya N <sounthar...@ami.com> +--- + CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c b/CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c +index 1182323b63..021cc328f8 100644 +--- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c ++++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c +@@ -839,17 +839,17 @@ X509GetTBSCert ( + Length = 0; + Inf = ASN1_get_object (&Temp, (long *)&Length, (int *)&Asn1Tag, (int *)&ObjClass, (long)CertSize); + +- if (((Inf & 0x80) == 0x00) && (Asn1Tag != V_ASN1_SEQUENCE)) { ++ if (((Inf & 0x80) == 0x80) || (Asn1Tag != V_ASN1_SEQUENCE)) { + return FALSE; + } + + *TBSCert = (UINT8 *)Temp; + +- ASN1_get_object (&Temp, (long *)&Length, (int *)&Asn1Tag, (int *)&ObjClass, (long)Length); ++ Inf = ASN1_get_object (&Temp, (long *)&Length, (int *)&Asn1Tag, (int *)&ObjClass, (long)Length); + // + // Verify the parsed TBSCertificate is one correct SEQUENCE data. 
+ // +- if (((Inf & 0x80) == 0x00) && (Asn1Tag != V_ASN1_SEQUENCE)) { ++ if (((Inf & 0x80) == 0x80) || (Asn1Tag != V_ASN1_SEQUENCE)) { + return FALSE; + } + +-- +2.35.1.windows.2 + -- 2.35.1.windows.2
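
Review bot: the outer diff (`@@ -0,0 +1,47 @@`) adds `0001-Add-variable-check-ASN1_get_object-return-value.patch` as a new file at the repository root instead of modifying `CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c`, so applying this commit leaves `X509GetTBSCert` unchanged. Please resend with the CryptX509.c diff as the commit itself rather than as a checked-in patch file. The embedded patch also begins with `grom` where `From` is expected, and its Cc list (Sountharya N, Shenba) does not match the Cc list in the outer message.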
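
Review bot: in the `X509GetTBSCert` hunk (`@@ -839,17 +839,17 @@`), both rewritten conditions still accept an object of any class whose tag number equals `V_ASN1_SEQUENCE`: `ObjClass` is filled in by each `ASN1_get_object()` call but is not tested in the visible lines. Unless it is validated elsewhere in the function, consider adding `(ObjClass != V_ASN1_UNIVERSAL)` to each check. The commit message should also say that the second call's return value was previously discarded, so the second check tested the `Inf` left over from the first call; the subject's "Add variable" does not match the hunk, which assigns the existing `Inf` rather than declaring a new one.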