rhboot / shim

UEFI shim loader

Fix NULL pointer dereference in AuthenticodeVerify() #510

Closed dennis-tseng99 closed 1 year ago

dennis-tseng99 commented 2 years ago

Thanks for the comments from @frozencemetery. Add a PKCS7_get_detached() check to avoid parsing a NULL ASN.1 object related to the PKCS#7 signed data (d.sign->contents->d.ptr).

This CVE-2019-14584 bug has been fixed in edk2 upstream. Please refer to the fix from edk2 upstream: https://bugzilla.tianocore.org/show_bug.cgi?id=1914 https://edk2.groups.io/g/devel/message/66309

Signed-off-by: Gary Lin glin@suse.com
Signed-off-by: Dennis Tseng dennis.tseng@suse.com

dennis-tseng99 commented 1 year ago

Ping. Could someone help review this PR, which is actually related to CVE-2019-14584? Many thanks.

[code flow] PKCS7_get_detached() --> PKCS7_ctrl(), in which a NULL pointer reference can be inspected through if (!p7->d.sign || !p7->d.sign->contents->d.ptr)

[Quote -- https://bugzilla.redhat.com/show_bug.cgi?id=1889486] It is possible to construct an asn1 blob that successfully decodes and have d2i_PKCS7() return a valid pointer and have PKCS7_type_is_signed() also return success but have Pkcs7->d.sign be a NULL pointer.
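The condition described in the PR description and the two notes above (a ContentInfo that decodes as signedData but carries no content to dereference), as an added Python example that is not shim's or edk2's code: a minimal DER walk over the outer PKCS#7 ContentInfo that reports whether the OPTIONAL [0] content is present, mirroring the `!p7->d.sign` half of the PKCS7_get_detached() check. The OID encoding and the two sample blobs are constructed here, and nothing calls OpenSSL.

```python
# Added example (not shim code): minimal DER walk over a PKCS#7 ContentInfo
# (RFC 2315: SEQUENCE { contentType OID, content [0] EXPLICIT ANY OPTIONAL }).
# Because the outer content is OPTIONAL, a blob carrying the signedData OID but
# no content decodes successfully yet leaves nothing to dereference; that is the
# structural case the PKCS7_get_detached() check in this PR rejects up front.

SIGNED_DATA_OID = bytes.fromhex("2a864886f70d010702")  # 1.2.840.113549.1.7.2


def _read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element at pos; raise on truncation."""
    if pos + 2 > len(buf):
        raise ValueError("truncated element header")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long-form length (up to 4 length octets is plenty here)
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("unsupported or truncated length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated element value")
    return tag, buf[pos:pos + length], pos + length


def inspect_content_info(der):
    """Return (is_signed_data, content_present) for a DER-encoded ContentInfo."""
    tag, body, _ = _read_tlv(der, 0)
    if tag != 0x30:
        raise ValueError("ContentInfo must be a SEQUENCE")
    oid_tag, oid, pos = _read_tlv(body, 0)
    if oid_tag != 0x06:
        raise ValueError("contentType must be an OBJECT IDENTIFIER")
    content_present = False
    if pos < len(body):  # the OPTIONAL [0] EXPLICIT content, if anything follows the OID
        ctx_tag, inner, _ = _read_tlv(body, pos)
        content_present = ctx_tag == 0xA0 and len(inner) > 0
    return oid == SIGNED_DATA_OID, content_present


def safe_to_verify(der):
    """True only when the blob is signedData AND actually carries content to verify."""
    is_signed, has_content = inspect_content_info(der)
    return is_signed and has_content


# Constructed sample inputs (not real signatures): signedData OID with a dummy
# SEQUENCE as content, and the same ContentInfo with the content omitted entirely.
WITH_CONTENT = bytes.fromhex("3012" "06092a864886f70d010702" "a005" "3003020101")
NO_CONTENT = bytes.fromhex("300b" "06092a864886f70d010702")
```

A type check alone (the equivalent of PKCS7_type_is_signed()) passes both blobs; only the presence check separates them.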

julian-klode commented 1 year ago

I have confirmed that this looks like the same patch as edk2 received for the CVE.

vathpela commented 1 year ago

I have pulled this as https://github.com/rhboot/shim/commit/53509eaf2253e23bfb552e9386fd0877abe592b4.