From ce040ec1e7653df115ee17e68a84f193dbcb8805 Mon Sep 17 00:00:00 2001 From: Taylor Beebe <31827475+TaylorBeebe@users.noreply.github.com> Date: Wed, 19 Jul 2023 16:50:55 -0700 Subject: [PATCH] CryptEc.c CodeQL Fix (#492) ## Description Free calls could have been called with NULL arguments. - [x] Impacts functionality? - **Functionality** - Does the change ultimately impact how firmware functions? - Examples: Add a new library, publish a new PPI, update an algorithm, ... - [x] Impacts security? - **Security** - Does the change have a direct security impact on an application, flow, or firmware? - Examples: Crypto algorithm change, buffer overflow fix, parameter validation improvement, ... - [ ] Breaking change? - **Breaking change** - Will anyone consuming this change experience a break in build or boot behavior? - Examples: Add a new library class, move a module to a different repo, call a function in a new library class in a pre-existing module, ... - [ ] Includes tests? - **Tests** - Does the change include any explicit test code? - Examples: Unit tests, integration tests, robot tests, ... - [ ] Includes documentation? - **Documentation** - Does the change contain explicit documentation additions outside direct code modifications (and comments)? - Examples: Update readme file, add feature readme file, link to documentation on an a separate Web page, ... ## How This Was Tested Tested on Q35 ## Integration Instructions N/A --------- Co-authored-by: Taylor Beebe --- CryptoPkg/Library/BaseCryptLib/Pk/CryptEc.c | 17 +++++++++++++++-- 1 file changed, 15 insertions(+), 2 deletions(-) diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptEc.c b/CryptoPkg/Library/BaseCryptLib/Pk/CryptEc.c index d8cc9ba0e8..fc95075dff 100644 --- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptEc.c +++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptEc.c @@ -585,6 +585,11 @@ EcGetPubKey ( return FALSE; } + // MU_CHANGE [BEGIN] - CodeQL change + BnX = NULL; + BnY = NULL; + // MU_CHANGE [END] - CodeQL change + EcKey = (EC_KEY *)EcContext; Group = EC_KEY_get0_group (EcKey); HalfSize = (EC_GROUP_get_degree (Group) + 7) / 8; @@ -628,8 +633,16 @@ EcGetPubKey ( RetVal = TRUE; fail: - BN_free (BnX); - BN_free (BnY); + // MU_CHANGE [BEGIN] - CodeQL change + if (BnX != NULL) { + BN_free (BnX); + } + + if (BnY != NULL) { + BN_free (BnY); + } + + // MU_CHANGE [END] - CodeQL change return RetVal; }