From 3277a4e5ed1d54a9ec97b17a60cfbe91b685b1e7 Mon Sep 17 00:00:00 2001
From: sfu5 <sfu5@6f19259b-4bc3-4df7-8a09-765794883524>
Date: Thu, 12 Jul 2012 01:13:37 +0000
Subject: Fix a bug in DxeImageVerificationLib which will pass incorrect trust
 cert size to AuthenticodeVerify() function.

Signed-off-by: Fu Siyuan <siyuan.fu@intel.com>
Reviewed-by: Dong Guo <guo.dong@intel.com>
Reviewed-by: Ye Ting <ting.ye@intel.com>


git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13526 6f19259b-4bc3-4df7-8a09-765794883524
---
 SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c
index 093932053c..f83e530c5c 100644
--- a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c
+++ b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c
@@ -984,7 +984,7 @@ IsPkcsSignedDataVerifiedBySignatureList (
           // Iterate each Signature Data Node within this CertList for verify.
           //
           RootCert      = Cert->SignatureData;
-          RootCertSize  = CertList->SignatureSize;
+          RootCertSize  = CertList->SignatureSize - sizeof (EFI_GUID);
 
           //
           // Call AuthenticodeVerify library to Verify Authenticode struct.
-- 
cgit v1.2.3