CryptoPkg/Crt: turn strchr() into a function (CVE-2019-14553) - Tianocore/edk2.git

diff options

author	Laszlo Ersek <lersek@redhat.com>	2019-10-24 17:44:08 +0300
committer	Laszlo Ersek <lersek@redhat.com>	2019-11-02 14:07:25 +0300
commit	eb520d94dba7369d1886cd5522d5a2c36fb02209 (patch)
tree	fc9fd0b12be0d626ca4951ae8d4ce380a7a9c597 /BaseTools/Source/Python/Table/TableDec.py
parent	2ca74e1a175232cc201798e27437700adc7fb07e (diff)
download	edk2-eb520d94dba7369d1886cd5522d5a2c36fb02209.tar.xz

CryptoPkg/Crt: turn strchr() into a function (CVE-2019-14553)

According to the ISO C standard, strchr() is a function. We #define it as a macro. Unfortunately, our macro evaluates the first argument ("str") twice. If the expression passed for "str" has side effects, the behavior may be undefined. In a later patch in this series, we're going to resurrect "inet_pton.c" (originally from the StdLib package), which calls strchr() just like that: strchr((xdigits = xdigits_l), ch) strchr((xdigits = xdigits_u), ch) To enable this kind of function call, turn strchr() into a function. Cc: David Woodhouse <dwmw2@infradead.org> Cc: Jian J Wang <jian.j.wang@intel.com> Cc: Jiaxin Wu <jiaxin.wu@intel.com> Cc: Sivaraman Nainar <sivaramann@amiindia.co.in> Cc: Xiaoyu Lu <xiaoyux.lu@intel.com> Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=960 CVE: CVE-2019-14553 Signed-off-by: Laszlo Ersek <lersek@redhat.com> Reviewed-by: Philippe Mathieu-Daude <philmd@redhat.com> Reviewed-by: Jian J Wang <jian.j.wang@intel.com> Reviewed-by: Jiaxin Wu <jiaxin.wu@intel.com>

Diffstat (limited to 'BaseTools/Source/Python/Table/TableDec.py')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: