summaryrefslogtreecommitdiff
path: root/OvmfPkg/SecureBootConfigDxe
diff options
context:
space:
mode:
authorGary Ching-Pang Lin <glin@suse.com>2013-08-18 07:04:02 +0000
committerjljusten <jljusten@6f19259b-4bc3-4df7-8a09-765794883524>2013-08-18 07:04:02 +0000
commitdfd3119ab2e28b60b33b65b49249124994ffce63 (patch)
treec4de17ef0dfff4facbb416928ee64e9897773985 /OvmfPkg/SecureBootConfigDxe
parent4388b0ee0c87e88071b1056429c8294305f36d1b (diff)
downloadedk2-platforms-dfd3119ab2e28b60b33b65b49249124994ffce63.tar.xz
OvmfPkg/SecureBootConfigDxe: Avoid illegal access
When enrolling the certificate from a file, the suffix check function check the last 4 characters to filter out non-DER files. However, if the length of the file name is less than 4, the address prior to the file name will be accessed while it shouldn't. This commit checks the length of the file name to avoid illegal access. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Gary Ching-Pang Lin <glin@suse.com> Reviewed-by: Laszlo Ersek <lersek@redhat.com> Reviewed-by: Jordan Justen <jordan.l.justen@intel.com> Reviewed-by: Guo Dong <guo.dong@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@14556 6f19259b-4bc3-4df7-8a09-765794883524
Diffstat (limited to 'OvmfPkg/SecureBootConfigDxe')
-rw-r--r--OvmfPkg/SecureBootConfigDxe/SecureBootConfigImpl.c21
1 files changed, 18 insertions, 3 deletions
diff --git a/OvmfPkg/SecureBootConfigDxe/SecureBootConfigImpl.c b/OvmfPkg/SecureBootConfigDxe/SecureBootConfigImpl.c
index c82c0f4f95..928740a7ba 100644
--- a/OvmfPkg/SecureBootConfigDxe/SecureBootConfigImpl.c
+++ b/OvmfPkg/SecureBootConfigDxe/SecureBootConfigImpl.c
@@ -373,6 +373,7 @@ EnrollPlatformKey (
UINTN DataSize;
EFI_SIGNATURE_LIST *PkCert;
UINT16* FilePostFix;
+ UINTN NameLength;
if (Private->FileContext->FileName == NULL) {
return EFI_INVALID_PARAMETER;
@@ -383,7 +384,11 @@ EnrollPlatformKey (
//
// Parse the file's postfix. Only support DER encoded X.509 certificate files.
//
- FilePostFix = Private->FileContext->FileName + StrLen (Private->FileContext->FileName) - 4;
+ NameLength = StrLen (Private->FileContext->FileName);
+ if (NameLength <= 4) {
+ return EFI_INVALID_PARAMETER;
+ }
+ FilePostFix = Private->FileContext->FileName + NameLength - 4;
if (!IsDerEncodeCertificate(FilePostFix)) {
DEBUG ((EFI_D_ERROR, "Unsupported file type, only DER encoded certificate (%s) is supported.", mSupportX509Suffix));
return EFI_INVALID_PARAMETER;
@@ -766,6 +771,7 @@ EnrollKeyExchangeKey (
)
{
UINT16* FilePostFix;
+ UINTN NameLength;
if ((Private->FileContext->FileName == NULL) || (Private->SignatureGUID == NULL)) {
return EFI_INVALID_PARAMETER;
@@ -775,7 +781,11 @@ EnrollKeyExchangeKey (
// Parse the file's postfix. Supports DER-encoded X509 certificate,
// and .pbk as RSA public key file.
//
- FilePostFix = Private->FileContext->FileName + StrLen (Private->FileContext->FileName) - 4;
+ NameLength = StrLen (Private->FileContext->FileName);
+ if (NameLength <= 4) {
+ return EFI_INVALID_PARAMETER;
+ }
+ FilePostFix = Private->FileContext->FileName + NameLength - 4;
if (IsDerEncodeCertificate(FilePostFix)) {
return EnrollX509ToKek (Private);
} else if (CompareMem (FilePostFix, L".pbk",4) == 0) {
@@ -1508,6 +1518,7 @@ EnrollSignatureDatabase (
)
{
UINT16* FilePostFix;
+ UINTN NameLength;
if ((Private->FileContext->FileName == NULL) || (Private->FileContext->FHandle == NULL) || (Private->SignatureGUID == NULL)) {
return EFI_INVALID_PARAMETER;
@@ -1516,7 +1527,11 @@ EnrollSignatureDatabase (
//
// Parse the file's postfix.
//
- FilePostFix = Private->FileContext->FileName + StrLen (Private->FileContext->FileName) - 4;
+ NameLength = StrLen (Private->FileContext->FileName);
+ if (NameLength <= 4) {
+ return EFI_INVALID_PARAMETER;
+ }
+ FilePostFix = Private->FileContext->FileName + NameLength - 4;
if (IsDerEncodeCertificate(FilePostFix)) {
//
// Supports DER-encoded X509 certificate.