diff options
author | sfu5 <sfu5@6f19259b-4bc3-4df7-8a09-765794883524> | 2012-05-09 10:45:09 +0000 |
---|---|---|
committer | sfu5 <sfu5@6f19259b-4bc3-4df7-8a09-765794883524> | 2012-05-09 10:45:09 +0000 |
commit | 4e33001c6ead8d8696cd22e1c194ab9c02dc8792 (patch) | |
tree | 3aa4957117bbf182ad8624f2dd94fca945f90870 | |
parent | 568e7b27772ccc003f75c361943a228a2c1ebba2 (diff) | |
download | edk2-platforms-4e33001c6ead8d8696cd22e1c194ab9c02dc8792.tar.xz |
Fixes buffer read overflow bugs in authenticated variable driver.
Signed-off-by: Fu Siyuan <siyuan.fu@intel.com>
Reviewed-by: Dong Guo <guo.dong@intel.com>
Reviewed-by: Ye Ting <ting.ye@intel.com>
git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13298 6f19259b-4bc3-4df7-8a09-765794883524
-rw-r--r-- | SecurityPkg/VariableAuthenticated/RuntimeDxe/AuthService.c | 7 |
1 files changed, 5 insertions, 2 deletions
diff --git a/SecurityPkg/VariableAuthenticated/RuntimeDxe/AuthService.c b/SecurityPkg/VariableAuthenticated/RuntimeDxe/AuthService.c index 6d41de904b..784afae93b 100644 --- a/SecurityPkg/VariableAuthenticated/RuntimeDxe/AuthService.c +++ b/SecurityPkg/VariableAuthenticated/RuntimeDxe/AuthService.c @@ -1399,6 +1399,9 @@ ProcessVariable ( // Update public key database variable if need.
//
KeyIndex = AddPubKeyInStore (PubKey);
+ if (KeyIndex == 0) {
+ return EFI_SECURITY_VIOLATION;
+ }
}
//
@@ -2179,7 +2182,7 @@ VerifyTimeBasedPayload ( CertList = (EFI_SIGNATURE_LIST *) GetVariableDataPtr (PkVariable.CurrPtr);
Cert = (EFI_SIGNATURE_DATA *) ((UINT8 *) CertList + sizeof (EFI_SIGNATURE_LIST) + CertList->SignatureHeaderSize);
RootCert = Cert->SignatureData;
- RootCertSize = CertList->SignatureSize;
+ RootCertSize = CertList->SignatureSize - (sizeof (EFI_SIGNATURE_DATA) - 1);
//
@@ -2224,7 +2227,7 @@ VerifyTimeBasedPayload ( // Iterate each Signature Data Node within this CertList for a verify
//
RootCert = Cert->SignatureData;
- RootCertSize = CertList->SignatureSize;
+ RootCertSize = CertList->SignatureSize - (sizeof (EFI_SIGNATURE_DATA) - 1);
//
// Verify Pkcs7 SignedData via Pkcs7Verify library.
|