NetworkPkg/TlsAuthConfigDxe: fix TlsCaCertificate attributes retrieval
Per spec, the GetVariable() runtime service is not required to populate
(*Attributes) on output when it fails with EFI_BUFFER_TOO_SMALL.
Therefore we have to fetch the full contents of the TlsCaCertificate
variable temporarily, just so we can (a) get the current attributes, and
(b) add EFI_VARIABLE_APPEND_WRITE to them for the subsequent SetVariable()
call.
Cc: Jiaxin Wu <jiaxin.wu@intel.com>
Cc: Siyuan Fu <siyuan.fu@intel.com>
Cc: Songpeng Li <songpeng.li@intel.com>
Reported-by: Songpeng Li <songpeng.li@intel.com>
Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=1090
Fixes: b90c335fbb
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Tested-by: Songpeng Li <songpeng.li@intel.com>
Reviewed-by: Wu Jiaxin <jiaxin.wu@intel.com>
Reviewed-by: Fu Siyuan <siyuan.fu@intel.com>
			
			
		@@ -663,6 +663,7 @@ EnrollX509toVariable (
 | 
				
			|||||||
  EFI_SIGNATURE_LIST                *CACert;
 | 
					  EFI_SIGNATURE_LIST                *CACert;
 | 
				
			||||||
  EFI_SIGNATURE_DATA                *CACertData;
 | 
					  EFI_SIGNATURE_DATA                *CACertData;
 | 
				
			||||||
  VOID                              *Data;
 | 
					  VOID                              *Data;
 | 
				
			||||||
 | 
					  VOID                              *CurrentData;
 | 
				
			||||||
  UINTN                             DataSize;
 | 
					  UINTN                             DataSize;
 | 
				
			||||||
  UINTN                             SigDataSize;
 | 
					  UINTN                             SigDataSize;
 | 
				
			||||||
  UINT32                            Attr;
 | 
					  UINT32                            Attr;
 | 
				
			||||||
@@ -674,6 +675,7 @@ EnrollX509toVariable (
 | 
				
			|||||||
  CACert        = NULL;
 | 
					  CACert        = NULL;
 | 
				
			||||||
  CACertData    = NULL;
 | 
					  CACertData    = NULL;
 | 
				
			||||||
  Data          = NULL;
 | 
					  Data          = NULL;
 | 
				
			||||||
 | 
					  CurrentData   = NULL;
 | 
				
			||||||
  Attr          = 0;
 | 
					  Attr          = 0;
 | 
				
			||||||
 | 
					
 | 
				
			||||||
  Status = ReadFileContent (
 | 
					  Status = ReadFileContent (
 | 
				
			||||||
@@ -716,11 +718,30 @@ EnrollX509toVariable (
 | 
				
			|||||||
  Status = gRT->GetVariable(
 | 
					  Status = gRT->GetVariable(
 | 
				
			||||||
                  VariableName,
 | 
					                  VariableName,
 | 
				
			||||||
                  &gEfiTlsCaCertificateGuid,
 | 
					                  &gEfiTlsCaCertificateGuid,
 | 
				
			||||||
                  &Attr,
 | 
					                  NULL,
 | 
				
			||||||
                  &DataSize,
 | 
					                  &DataSize,
 | 
				
			||||||
                  NULL
 | 
					                  NULL
 | 
				
			||||||
                  );
 | 
					                  );
 | 
				
			||||||
  if (Status == EFI_BUFFER_TOO_SMALL) {
 | 
					  if (Status == EFI_BUFFER_TOO_SMALL) {
 | 
				
			||||||
 | 
					    //
 | 
				
			||||||
 | 
					    // Per spec, we have to fetch the variable's contents, even though we're
 | 
				
			||||||
 | 
					    // only interested in the variable's attributes.
 | 
				
			||||||
 | 
					    //
 | 
				
			||||||
 | 
					    CurrentData = AllocatePool (DataSize);
 | 
				
			||||||
 | 
					    if (CurrentData == NULL) {
 | 
				
			||||||
 | 
					      Status = EFI_OUT_OF_RESOURCES;
 | 
				
			||||||
 | 
					      goto ON_EXIT;
 | 
				
			||||||
 | 
					    }
 | 
				
			||||||
 | 
					    Status = gRT->GetVariable(
 | 
				
			||||||
 | 
					                    VariableName,
 | 
				
			||||||
 | 
					                    &gEfiTlsCaCertificateGuid,
 | 
				
			||||||
 | 
					                    &Attr,
 | 
				
			||||||
 | 
					                    &DataSize,
 | 
				
			||||||
 | 
					                    CurrentData
 | 
				
			||||||
 | 
					                    );
 | 
				
			||||||
 | 
					    if (EFI_ERROR (Status)) {
 | 
				
			||||||
 | 
					      goto ON_EXIT;
 | 
				
			||||||
 | 
					    }
 | 
				
			||||||
    Attr |= EFI_VARIABLE_APPEND_WRITE;
 | 
					    Attr |= EFI_VARIABLE_APPEND_WRITE;
 | 
				
			||||||
  } else if (Status == EFI_NOT_FOUND) {
 | 
					  } else if (Status == EFI_NOT_FOUND) {
 | 
				
			||||||
    Attr = TLS_AUTH_CONFIG_VAR_BASE_ATTR;
 | 
					    Attr = TLS_AUTH_CONFIG_VAR_BASE_ATTR;
 | 
				
			||||||
@@ -751,6 +772,10 @@ ON_EXIT:
 | 
				
			|||||||
    FreePool (Data);
 | 
					    FreePool (Data);
 | 
				
			||||||
  }
 | 
					  }
 | 
				
			||||||
 | 
					
 | 
				
			||||||
 | 
					  if (CurrentData != NULL) {
 | 
				
			||||||
 | 
					    FreePool (CurrentData);
 | 
				
			||||||
 | 
					  }
 | 
				
			||||||
 | 
					
 | 
				
			||||||
  if (X509Data != NULL) {
 | 
					  if (X509Data != NULL) {
 | 
				
			||||||
    FreePool (X509Data);
 | 
					    FreePool (X509Data);
 | 
				
			||||||
  }
 | 
					  }
 | 
				
			||||||
 
 | 
				
			|||||||
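Review bot: The attributes returned by the second GetVariable() call are trusted as-is: whatever the existing TlsCaCertificate variable carries is OR-ed with EFI_VARIABLE_APPEND_WRITE and, presumably, passed to the SetVariable() call that lies outside these hunks. Because this variable holds the TLS trust anchors, consider verifying that an existing variable has the attributes this driver itself uses on creation, for example `if (Attr != TLS_AUTH_CONFIG_VAR_BASE_ATTR) { Status = EFI_SECURITY_VIOLATION; goto ON_EXIT; }` just before `Attr |= EFI_VARIABLE_APPEND_WRITE;`, so that a variable created with unexpected access attributes is not silently extended. The second call also overwrites DataSize with the existing variable's size; that is harmless only if the later SetVariable() uses SigDataSize rather than DataSize, which the visible lines do not confirm. EnrollX509toVariable starts and ends outside the hunks shown, including the final `else` branch for other GetVariable() failures.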