OcAppleImageVerificationLib: Fix potential memory corruption

The reallocated pointer is not returned and thus lost locally (leak). Because ReallocatePool frees the old buffer on success, the caller pointers are unsafe after calling this function (potential corruption). Because the rest of the buffer is zero'd right before, there should be no security concern keeping the current buffer.

OcAppleImageVerificationLib: Fix potential memory corruption
The reallocated pointer is not returned and thus lost locally (leak). Because ReallocatePool frees the old buffer on success, the caller pointers are unsafe after calling this function (potential corruption). Because the rest of the buffer is zero'd right before, there should be no security concern keeping the current buffer.
2ceee875 · Download-Fritz · 3e9ef5ac · 2ceee875
隐藏空白更改
内联并排

Showing with 0 addition and 8 deletion

Library/OcAppleImageVerificationLib/OcAppleImageVerification.c ...ry/OcAppleImageVerificationLib/OcAppleImageVerification.c +0 -8

未找到文件。
--- a/Library/OcAppleImageVerificationLib/OcAppleImageVerification.c
+++ b/Library/OcAppleImageVerificationLib/OcAppleImageVerification.c
@@ -548,14 +548,6 @@ SanitizeApplePeImage (
      (UINT8 *) Image + *RealImageSize,
      ImageSize - *RealImageSize
      );
-    //
-    // Reallocate file buffer
-    //
-    Image = ReallocatePool (
-              ImageSize,
-              *RealImageSize,
-              Image
-              );
  }
 }