From 6d57592740cdd0b6868baeef7929d6e6fef7a8e3 Mon Sep 17 00:00:00 2001 From: Laszlo Ersek Date: Thu, 16 Jan 2020 13:39:19 +0100 Subject: [PATCH] SecurityPkg/DxeImageVerificationHandler: fix retval for (FileBuffer==NULL) "FileBuffer" is a non-optional input (pointer) parameter to DxeImageVerificationHandler(). Normally, when an edk2 function receives a NULL argument for such a parameter, we return EFI_INVALID_PARAMETER or RETURN_INVALID_PARAMETER. However, those don't conform to the SECURITY2_FILE_AUTHENTICATION_HANDLER prototype. Return EFI_ACCESS_DENIED when "FileBuffer" is NULL; it means that no image has been loaded. This patch does not change the control flow in the function, it only changes the "Status" outcome from API-incompatible error codes to EFI_ACCESS_DENIED, under some circumstances. Cc: Chao Zhang Cc: Jian J Wang Cc: Jiewen Yao Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=2129 Fixes: 570b3d1a7278df29878da87990e8366bd42d0ec5 Signed-off-by: Laszlo Ersek Message-Id: <20200116190705.18816-10-lersek@redhat.com> Reviewed-by: Michael D Kinney [lersek@redhat.com: push with Mike's R-b due to Chinese New Year Holiday: ; msgid ] --- .../Library/DxeImageVerificationLib/DxeImageVerificationLib.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c index b49fe87a10..c98b9e4592 100644 --- a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c +++ b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c @@ -1655,7 +1655,7 @@ DxeImageVerificationHandler ( // Read the Dos header. // if (FileBuffer == NULL) { - return EFI_INVALID_PARAMETER; + return EFI_ACCESS_DENIED; } mImageBase = (UINT8 *) FileBuffer;