回复: [edk2-devel] [PATCH v1 1/1] CryptoPkg: BaseCryptLib: Fix buffer double free in CryptPkcs7VerifyEku

Mon Nov 23 00:49:53 UTC 2020

Jiewen:

 I am OK to merge this bug fix into this stable tag. If no objection, you can merge it tomorrow. 

Thanks

Liming

发件人: bounce+27952+67779+4905953+8761045 at groups.io <bounce+27952+67779+4905953+8761045 at groups.io> 代表 Yao, Jiewen
发送时间: 2020年11月22日 20:26
收件人: Kun Qin <kun.q at outlook.com>; gaoliming <gaoliming at byosoft.com.cn>; devel at edk2.groups.io
抄送: Wang, Jian J <jian.j.wang at intel.com>; Lu, XiaoyuX <xiaoyux.lu at intel.com>; Jiang, Guomin <guomin.jiang at intel.com>
主题: Re: [edk2-devel] [PATCH v1 1/1] CryptoPkg: BaseCryptLib: Fix buffer double free in CryptPkcs7VerifyEku

I can help to merge if it is approved.

I will add reviewed-by tag when I merge it.

Thank you

Yao Jiewen

From: Kun Qin <kun.q at outlook.com <mailto:kun.q at outlook.com> > 
Sent: Sunday, November 22, 2020 3:10 PM
To: gaoliming <gaoliming at byosoft.com.cn <mailto:gaoliming at byosoft.com.cn> >; devel at edk2.groups.io <mailto:devel at edk2.groups.io> ; Yao, Jiewen <jiewen.yao at intel.com <mailto:jiewen.yao at intel.com> >
Cc: Wang, Jian J <jian.j.wang at intel.com <mailto:jian.j.wang at intel.com> >; Lu, XiaoyuX <xiaoyux.lu at intel.com <mailto:xiaoyux.lu at intel.com> >; Jiang, Guomin <guomin.jiang at intel.com <mailto:guomin.jiang at intel.com> >
Subject: RE: [edk2-devel] [PATCH v1 1/1] CryptoPkg: BaseCryptLib: Fix buffer double free in CryptPkcs7VerifyEku

Hi Liming,

It will be great if we can get this in. But I have been having trouble sending a v2 patch that incorporates Jiewen’s “Reviewed-by” tag through git command line for the past week (no other changes). It kept giving me an error of "No host provider available to service this request". Please let me know if you have any suggestions.

Thanks,

Kun

From: gaoliming <mailto:gaoliming at byosoft.com.cn> 
Sent: Thursday, November 19, 2020 9:39 PM
To: devel at edk2.groups.io <mailto:devel at edk2.groups.io> ; jiewen.yao at intel.com <mailto:jiewen.yao at intel.com> ; 'Kun Qin' <mailto:kun.q at outlook.com> 
Cc: 'Wang, Jian J' <mailto:jian.j.wang at intel.com> ; 'Lu, XiaoyuX' <mailto:xiaoyux.lu at intel.com> ; 'Jiang, Guomin' <mailto:guomin.jiang at intel.com> 
Subject: 回复: [edk2-devel] [PATCH v1 1/1] CryptoPkg: BaseCryptLib: Fix buffer double free in CryptPkcs7VerifyEku

Kun:
 This is a bug fix. It passed code review. Do you request to merge it for
this stable tag 202011?

Thanks
Liming
> -----邮件原件-----
> 发件人: bounce+27952+67567+4905953+8761045 at groups.io <mailto:bounce+27952+67567+4905953+8761045 at groups.io> 
> <bounce+27952+67567+4905953+8761045 at groups.io <mailto:bounce+27952+67567+4905953+8761045 at groups.io> > 代表 Yao, Jiewen
> 发送时间: 2020年11月14日 8:32
> 收件人: Kun Qin <kun.q at outlook.com <mailto:kun.q at outlook.com> >; devel at edk2.groups.io <mailto:devel at edk2.groups.io> 
> 抄送: Wang, Jian J <jian.j.wang at intel.com <mailto:jian.j.wang at intel.com> >; Lu, XiaoyuX
> <xiaoyux.lu at intel.com <mailto:xiaoyux.lu at intel.com> >; Jiang, Guomin <guomin.jiang at intel.com <mailto:guomin.jiang at intel.com> >; Yao,
> Jiewen <jiewen.yao at intel.com <mailto:jiewen.yao at intel.com> >
> 主题: Re: [edk2-devel] [PATCH v1 1/1] CryptoPkg: BaseCryptLib: Fix buffer
> double free in CryptPkcs7VerifyEku
> 
> Sorry, I missed this email.
> 
> Reviewed-by: Jiewen Yao <Jiewen.yao at intel.com <mailto:Jiewen.yao at intel.com> >
> 
> 
> > -----Original Message-----
> > From: Kun Qin <kun.q at outlook.com <mailto:kun.q at outlook.com> >
> > Sent: Wednesday, October 21, 2020 10:32 AM
> > To: devel at edk2.groups.io <mailto:devel at edk2.groups.io> 
> > Cc: Wang, Jian J <jian.j.wang at intel.com <mailto:jian.j.wang at intel.com> >; Lu, XiaoyuX
> > <xiaoyux.lu at intel.com <mailto:xiaoyux.lu at intel.com> >; Yao, Jiewen <jiewen.yao at intel.com <mailto:jiewen.yao at intel.com> >; Jiang,
> > Guomin <guomin.jiang at intel.com <mailto:guomin.jiang at intel.com> >
> > Subject: [PATCH v1 1/1] CryptoPkg: BaseCryptLib: Fix buffer double free
in
> > CryptPkcs7VerifyEku
> >
> > REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2459
> >
> > SignerCert is part of Pkcs7 instance when both have valid content.
OpenSLL
> > PKCS7_free function will release the memory of SignerCert when
applicable.
> > Freeing SignerCert with X509_free again might cause page fault if use-
> > after-free guard is enabled.
> >
> > Cc: Jian J Wang <jian.j.wang at intel.com <mailto:jian.j.wang at intel.com> >
> > Cc: Xiaoyu Lu <xiaoyux.lu at intel.com <mailto:xiaoyux.lu at intel.com> >
> > Cc: Jiewen Yao <jiewen.yao at intel.com <mailto:jiewen.yao at intel.com> >
> > Cc: Guomin Jiang <guomin.jiang at intel.com <mailto:guomin.jiang at intel.com> >
> >
> > Signed-off-by: Kun Qin <kun.q at outlook.com <mailto:kun.q at outlook.com> >
> > ---
> >  CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyEku.c | 4 ----
> >  1 file changed, 4 deletions(-)
> >
> > diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyEku.c
> > b/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyEku.c
> > index c9fdb65b99d1..40cc39afe7dd 100644
> > --- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyEku.c
> > +++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyEku.c
> > @@ -508,10 +508,6 @@ Exit:
> >      free (SignedData);
> >
> >    }
> >
> >
> >
> > -  if (SignerCert != NULL) {
> >
> > -    X509_free (SignerCert);
> >
> > -  }
> >
> > -
> >
> >    if (Pkcs7 != NULL) {
> >
> >      PKCS7_free (Pkcs7);
> >
> >    }
> >
> > --
> > 2.28.0.windows.1
> 
> 
> 
> 
> 

-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#67781): https://edk2.groups.io/g/devel/message/67781
Mute This Topic: https://groups.io/mt/78443908/1813853
Group Owner: devel+owner at edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [edk2-devel-archive at redhat.com]
-=-=-=-=-=-=-=-=-=-=-=-

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/edk2-devel-archive/attachments/20201123/e211c50a/attachment.htm>