diff options
author | tye1 <tye1@6f19259b-4bc3-4df7-8a09-765794883524> | 2012-05-08 02:53:49 +0000 |
---|---|---|
committer | tye1 <tye1@6f19259b-4bc3-4df7-8a09-765794883524> | 2012-05-08 02:53:49 +0000 |
commit | badd40f9d41c92bf54e3ef8d77f35ded05b7c918 (patch) | |
tree | a4a4c5f4e2907a88249338317423d0ab30494bbd /SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c | |
parent | 4233bf706676f9ed0e71a7aac3f3216d0eabf953 (diff) | |
download | edk2-platforms-badd40f9d41c92bf54e3ef8d77f35ded05b7c918.tar.xz |
Removes redundant code and adds data size check for certificate data in DxeImageVerificationLib.
Signed-off by: Ye Ting <ting.ye@intel.com>
Reviewed-by: Dong Eric <yong.dong@intel.com>
git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13291 6f19259b-4bc3-4df7-8a09-765794883524
Diffstat (limited to 'SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c')
-rw-r--r-- | SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c | 39 |
1 files changed, 24 insertions, 15 deletions
diff --git a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c index a591970e45..3e0bbe1ee4 100644 --- a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c +++ b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c @@ -251,8 +251,6 @@ HashPeImage ( EFI_IMAGE_SECTION_HEADER *SectionHeader;
UINTN Index;
UINTN Pos;
- UINTN SumOfSectionBytes;
- EFI_IMAGE_SECTION_HEADER *SectionCache;
UINT32 CertSize;
UINT32 NumberOfRvaAndSizes;
@@ -433,11 +431,6 @@ HashPeImage ( mNtHeader.Pe32->FileHeader.SizeOfOptionalHeader
);
- SectionCache = Section;
- for (Index = 0, SumOfSectionBytes = 0; Index < mNtHeader.Pe32->FileHeader.NumberOfSections; Index++, SectionCache++) {
- SumOfSectionBytes += SectionCache->SizeOfRawData;
- }
-
//
// 11. Build a temporary table of pointers to all the IMAGE_SECTION_HEADER
// structures in the image. The 'NumberOfSections' field of the image
@@ -557,6 +550,10 @@ HashPeImageByType ( PkcsCertData = (WIN_CERTIFICATE_EFI_PKCS *) (mImageBase + mSecDataDir->VirtualAddress);
+ if (PkcsCertData->Hdr.dwLength < sizeof (WIN_CERTIFICATE_EFI_PKCS) + 32) {
+ return EFI_UNSUPPORTED;
+ }
+
for (Index = 0; Index < HASHALG_MAX; Index++) {
//
// Check the Hash algorithm in PE/COFF Authenticode.
@@ -577,6 +574,10 @@ HashPeImageByType ( continue;
}
+ if (PkcsCertData->Hdr.dwLength < sizeof (WIN_CERTIFICATE_EFI_PKCS) + 32 + mHash[Index].OidLength) {
+ return EFI_UNSUPPORTED;
+ }
+
if (CompareMem (PkcsCertData->CertData + 32, mHash[Index].OidValue, mHash[Index].OidLength) == 0) {
break;
}
@@ -1214,6 +1215,7 @@ DxeImageVerificationHandler ( UINT8 *SecureBootEnable;
PE_COFF_LOADER_IMAGE_CONTEXT ImageContext;
UINT32 NumberOfRvaAndSizes;
+ UINT32 CertSize;
if (File == NULL) {
return EFI_INVALID_PARAMETER;
@@ -1321,7 +1323,9 @@ DxeImageVerificationHandler ( goto Done;
}
- DosHdr = (EFI_IMAGE_DOS_HEADER *) mImageBase;
+ Status = EFI_ACCESS_DENIED;
+
+ DosHdr = (EFI_IMAGE_DOS_HEADER *) mImageBase;
if (DosHdr->e_magic == EFI_IMAGE_DOS_SIGNATURE) {
//
// DOS image header is present,
@@ -1339,7 +1343,6 @@ DxeImageVerificationHandler ( //
// It is not a valid Pe/Coff file.
//
- Status = EFI_ACCESS_DENIED;
goto Done;
}
@@ -1374,8 +1377,6 @@ DxeImageVerificationHandler ( //
// Image Hash is in forbidden database (DBX).
//
- Action = EFI_IMAGE_EXECUTION_AUTH_UNTESTED;
- Status = EFI_ACCESS_DENIED;
goto Done;
}
@@ -1389,8 +1390,6 @@ DxeImageVerificationHandler ( //
// Image Hash is not found in both forbidden and allowed database.
//
- Action = EFI_IMAGE_EXECUTION_AUTH_UNTESTED;
- Status = EFI_ACCESS_DENIED;
goto Done;
}
@@ -1399,9 +1398,20 @@ DxeImageVerificationHandler ( //
WinCertificate = (WIN_CERTIFICATE *) (mImageBase + mSecDataDir->VirtualAddress);
+ CertSize = sizeof (WIN_CERTIFICATE);
+
+ if ((mSecDataDir->Size <= CertSize) || (mSecDataDir->Size < WinCertificate->dwLength)) {
+ goto Done;
+ }
+
switch (WinCertificate->wCertificateType) {
case WIN_CERT_TYPE_EFI_GUID:
+ CertSize = sizeof (WIN_CERTIFICATE_UEFI_GUID) + sizeof (EFI_CERT_BLOCK_RSA_2048_SHA256) - sizeof (UINT8);
+ if (WinCertificate->dwLength < CertSize) {
+ goto Done;
+ }
+
//
// Verify UEFI GUID type.
//
@@ -1416,7 +1426,7 @@ DxeImageVerificationHandler ( //
// Verify Pkcs signed data type.
//
- Status = HashPeImageByType();
+ Status = HashPeImageByType();
if (EFI_ERROR (Status)) {
goto Done;
}
@@ -1435,7 +1445,6 @@ DxeImageVerificationHandler ( break;
default:
- Status = EFI_ACCESS_DENIED;
goto Done;
}
//
|