SecurityPkg/DxeImageVerificationLib: plug Data leak in IsForbiddenByDbx() (CVE-2019-14575)

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1608

If the second GetVariable() call for "dbx" fails, in IsForbiddenByDbx(),
we have to free Data. Jump to "Done" for that.

Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Chao Zhang <chao.b.zhang@intel.com>
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
lersek authored and mergify[bot] committed Feb 19, 2020
1 parent 5cd8be6 commit cb30c8f
Showing 1 changed file with 1 addition and 1 deletion.
Expand Up @@ -1274,7 +1274,7 @@ IsForbiddenByDbx (

Status = gRT->GetVariable (EFI_IMAGE_SECURITY_DATABASE1, &gEfiImageSecurityDatabaseGuid, NULL, &DataSize, (VOID *) Data);
if (EFI_ERROR (Status)) {
return IsForbidden;
goto Done;
}

//
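
Review bot: In the `if (EFI_ERROR (Status))` branch after the second `GetVariable()` call, `goto Done` still discards `Status`, so the caller cannot tell a failed read of dbx from a successful read that found no match. If that is intended, a short comment in this branch saying so, or a `DEBUG` message recording `Status`, would make the error path easier to audit. The `Done` label is outside this hunk, so it is also worth confirming that it frees `Data` only when it is non-NULL and returns `IsForbidden` unchanged, so the result matches the old `return IsForbidden;`.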