Fix a bug in DxeImageVerificationLib which will pass incorrect trust cert size to AuthenticodeVerify() function.

Signed-off-by: Fu Siyuan <siyuan.fu@intel.com> Reviewed-by: Dong Guo <guo.dong@intel.com> Reviewed-by: Ye Ting <ting.ye@intel.com> git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13526 6f19259b-4bc3-4df7-8a09-765794883524
2012-07-12 01:13:37 +00:00
parent cf7409f228
commit 3277a4e5ed
1 changed files with 1 additions and 1 deletions
--- a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c
+++ b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c
@ -984,7 +984,7 @@ IsPkcsSignedDataVerifiedBySignatureList (
          // Iterate each Signature Data Node within this CertList for verify.
          //
          RootCert      = Cert->SignatureData;
-          RootCertSize  = CertList->SignatureSize;
+          RootCertSize  = CertList->SignatureSize - sizeof (EFI_GUID);

          //
          // Call AuthenticodeVerify library to Verify Authenticode struct.