From df8c61e4c071d1c6ab04e3ebeeb07cf97fc893e0 Mon Sep 17 00:00:00 2001 From: Sebastian Witt Date: Tue, 4 Jun 2024 13:10:13 +0200 Subject: CryptoPkg: Fix BaseCryptLib CrtWrapper strcpy strcpy fails when strSource is closer than 4096 bytes after strDest. This is caused by an overlap check in AsciiStrCpyS: // // 5. Copying shall not take place between objects that overlap. // SAFE_STRING_CONSTRAINT_CHECK (InternalSafeStringNoAsciiStrOverlap (Destination, DestMax, (CHAR8 *)Source, SourceLen + 1), RETURN_ACCESS_DENIED); Since DestMax is MAX_STRING_SIZE (0x1000) and with a Source that is in this area behind Destination, AsciiStrCpyS will fail and strcpy will do nothing. When called by CRYPTO_strdup in openssl this leads to uninitialzed memory that gets accessed instead of the copied string. BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=2817 Signed-off-by: Sebastian Witt --- CryptoPkg/Library/BaseCryptLib/SysCall/CrtWrapper.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'CryptoPkg') diff --git a/CryptoPkg/Library/BaseCryptLib/SysCall/CrtWrapper.c b/CryptoPkg/Library/BaseCryptLib/SysCall/CrtWrapper.c index 37cdecc..880ed14 100644 --- a/CryptoPkg/Library/BaseCryptLib/SysCall/CrtWrapper.c +++ b/CryptoPkg/Library/BaseCryptLib/SysCall/CrtWrapper.c @@ -271,7 +271,7 @@ strcpy ( const char *strSource ) { - AsciiStrCpyS (strDest, MAX_STRING_SIZE, strSource); + AsciiStrCpyS (strDest, AsciiStrnSizeS (strSource, MAX_STRING_SIZE), strSource); return strDest; } -- cgit v1.1