1. Enhance AuthVar driver to avoid process corrupted certificate input.

Signed-off-by: hhuan13
Reviewed-by: ftian

git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@12398 6f19259b-4bc3-4df7-8a09-765794883524
This commit is contained in:
hhuan13
2011-09-21 05:17:50 +00:00
parent 378175d258
commit 648f98d15b
3 changed files with 48 additions and 18 deletions

View File

@@ -1046,19 +1046,37 @@ VerifyTimeBasedPayload (
//
return EFI_SECURITY_VIOLATION;
}
//
// Find out Pkcs7 SignedData which follows the EFI_VARIABLE_AUTHENTICATION_2 descriptor.
// AuthInfo.Hdr.dwLength is the length of the entire certificate, including the length of the header.
//
SigData = (UINT8*) ((UINTN)Data + (UINTN)(((EFI_VARIABLE_AUTHENTICATION_2 *) 0)->AuthInfo.CertData));
SigDataSize = CertData->AuthInfo.Hdr.dwLength - (UINT32)(UINTN)(((WIN_CERTIFICATE_UEFI_GUID *) 0)->CertData);
SigData = (UINT8*) ((UINTN)Data + OFFSET_OF (EFI_VARIABLE_AUTHENTICATION_2, AuthInfo) + OFFSET_OF (WIN_CERTIFICATE_UEFI_GUID, CertData));
//
// Sanity check to avoid corrupted certificate input.
//
if (CertData->AuthInfo.Hdr.dwLength < (UINT32)(OFFSET_OF (WIN_CERTIFICATE_UEFI_GUID, CertData))) {
return EFI_SECURITY_VIOLATION;
}
SigDataSize = CertData->AuthInfo.Hdr.dwLength - (UINT32)(OFFSET_OF (WIN_CERTIFICATE_UEFI_GUID, CertData));
//
// Find out the new data payload which follows Pkcs7 SignedData directly.
//
PayLoadPtr = (UINT8*) ((UINTN) SigData + (UINTN) SigDataSize);
PayLoadSize = DataSize - (UINTN)(((EFI_VARIABLE_AUTHENTICATION_2 *) 0)->AuthInfo.CertData) - (UINTN) SigDataSize;
//
// Sanity check to avoid corrupted certificate input.
//
if (DataSize < (OFFSET_OF (EFI_VARIABLE_AUTHENTICATION_2, AuthInfo) + OFFSET_OF (WIN_CERTIFICATE_UEFI_GUID, CertData)+ (UINTN) SigDataSize)) {
return EFI_SECURITY_VIOLATION;
}
PayLoadSize = DataSize - OFFSET_OF (EFI_VARIABLE_AUTHENTICATION_2, AuthInfo) - OFFSET_OF (WIN_CERTIFICATE_UEFI_GUID, CertData) - (UINTN) SigDataSize;
//