Enhance error handling code after calling BIO_new in BaseCryptLib.

Signed-off-by: Ye Ting <[email protected]> Reviewed-by: Long Qin <[email protected]> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@14528 6f19259b-4bc3-4df7-8a09-765794883524
freebsd · Aug 7, 2013 · 5b2956e · 5b2956e
1 parent 6dafb30
commit 5b2956e
Show file tree

Hide file tree

Showing 3 changed files with 22 additions and 6 deletions.
diff --git a/CryptoPkg/Library/BaseCryptLib/Pem/CryptPem.c b/CryptoPkg/Library/BaseCryptLib/Pem/CryptPem.c
@@ -1,7 +1,7 @@
 /** @file
   PEM (Privacy Enhanced Mail) Format Handler Wrapper Implementation over OpenSSL.
 
-Copyright (c) 2010 - 2012, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2010 - 2013, Intel Corporation. All rights reserved.<BR>
 This program and the accompanying materials
 are licensed and made available under the terms and conditions of the BSD License
 which accompanies this distribution.  The full text of the license may be found at
@@ -109,11 +109,14 @@ RsaGetPrivateKeyFromPem (
   // Read encrypted PEM Data.
   //
   PemBio = BIO_new (BIO_s_mem ());
-  BIO_write (PemBio, PemData, (int) PemSize);
   if (PemBio == NULL) {
     goto _Exit;
   }
 
+  if (BIO_write (PemBio, PemData, (int) PemSize) <= 0) {
+    goto _Exit;
+  }
+
   //
   // Retrieve RSA Private Key from encrypted PEM data.
   //

diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7Sign.c b/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7Sign.c
@@ -1,7 +1,7 @@
 /** @file
   PKCS#7 SignedData Sign Wrapper Implementation over OpenSSL.
 
-Copyright (c) 2009 - 2012, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2009 - 2013, Intel Corporation. All rights reserved.<BR>
 This program and the accompanying materials
 are licensed and made available under the terms and conditions of the BSD License
 which accompanies this distribution.  The full text of the license may be found at
@@ -124,7 +124,13 @@ Pkcs7Sign (
   // Convert the data to be signed to BIO format. 
   //
   DataBio = BIO_new (BIO_s_mem ());
-  BIO_write (DataBio, InData, (int) InDataSize);
+  if (DataBio == NULL) {
+    goto _Exit;
+  }
+
+  if (BIO_write (DataBio, InData, (int) InDataSize) <= 0) {
+    goto _Exit;
+  }
 
   //
   // Create the PKCS#7 signedData structure.
@@ -155,6 +161,7 @@ Pkcs7Sign (
 
   Tmp        = P7Data;
   P7DataSize = i2d_PKCS7 (Pkcs7, (unsigned char **) &Tmp);
+  ASSERT (P7DataSize > 19);
 
   //
   // Strip ContentInfo to content only for signeddata. The data be trimmed off

diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7Verify.c b/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7Verify.c
@@ -10,7 +10,7 @@
   WrapPkcs7Data(), Pkcs7GetSigners(), Pkcs7Verify() will get UEFI Authenticated
   Variable and will do basic check for data structure.
 
-Copyright (c) 2009 - 2012, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2009 - 2013, Intel Corporation. All rights reserved.<BR>
 This program and the accompanying materials
 are licensed and made available under the terms and conditions of the BSD License
 which accompanies this distribution.  The full text of the license may be found at
@@ -640,7 +640,13 @@ Pkcs7Verify (
   // in PKCS#7 structure. So ignore NULL checking here.
   //
   DataBio = BIO_new (BIO_s_mem ());
-  BIO_write (DataBio, InData, (int)DataLength);
+  if (DataBio == NULL) {
+    goto _Exit;
+  }
+
+  if (BIO_write (DataBio, InData, (int) DataLength) <= 0) {
+    goto _Exit;
+  }
 
   //
   // OpenSSL PKCS7 Verification by default checks for SMIME (email signing) and