sravan/system76-edk2
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Check the value of Hdr.dwLength for signed EFI image before image validation.

Browse Source 
Signed-off-by: Fu Siyuan <siyuan.fu@intel.com>
Reviewed-by: Ye Ting  <ting.ye@intel.com>
Reviewed-by: Dong Guo <guo.dong@intel.com>

git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13701 6f19259b-4bc3-4df7-8a09-765794883524
This commit is contained in:
sfu5
2012-09-06 02:15:59 +00:00
parent 44c5d6b548
commit 84bce75b08
1 changed files with 5 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c
View File

@ -1276,6 +1276,9 @@ DxeImageVerificationHandler (
// Authenticode specification. // Authenticode specification.
// //
PkcsCertData = (WIN_CERTIFICATE_EFI_PKCS *) WinCertificate; PkcsCertData = (WIN_CERTIFICATE_EFI_PKCS *) WinCertificate;
if (PkcsCertData->Hdr.dwLength <= sizeof (PkcsCertData->Hdr)) {
goto Done;
}
AuthData = PkcsCertData->CertData; AuthData = PkcsCertData->CertData;
AuthDataSize = PkcsCertData->Hdr.dwLength - sizeof(PkcsCertData->Hdr); AuthDataSize = PkcsCertData->Hdr.dwLength - sizeof(PkcsCertData->Hdr);
@ -1290,7 +1293,8 @@ DxeImageVerificationHandler (
// The certificate is formatted as WIN_CERTIFICATE_UEFI_GUID which is described in UEFI Spec. // The certificate is formatted as WIN_CERTIFICATE_UEFI_GUID which is described in UEFI Spec.
// //
WinCertUefiGuid = (WIN_CERTIFICATE_UEFI_GUID *) WinCertificate; WinCertUefiGuid = (WIN_CERTIFICATE_UEFI_GUID *) WinCertificate;
if (!CompareGuid(&WinCertUefiGuid->CertType, &gEfiCertPkcs7Guid)) { if (!CompareGuid(&WinCertUefiGuid->CertType, &gEfiCertPkcs7Guid) ||
(WinCertUefiGuid->Hdr.dwLength <= OFFSET_OF(WIN_CERTIFICATE_UEFI_GUID, CertData))) {
goto Done; goto Done;
} }
AuthData = WinCertUefiGuid->CertData; AuthData = WinCertUefiGuid->CertData;