dany/u-boot-megous
1
0
Fork 0
mirror of https://xff.cz/git/u-boot/ synced 2025-09-06 19:22:11 +02:00
Code Issues Packages Projects Releases Wiki Activity

efi_loader: signature: fix a size check against revocation list

Browse Source 
Since the size check against an entry in efi_search_siglist() is
incorrect, this function will never find out a to-be-matched certificate
and its associated revocation time in the signature list.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
This commit is contained in:
AKASHI Takahiro
2020-07-08 14:01:54 +09:00
committed by Heinrich Schuchardt
parent eb537fd7eb
commit 36b2f9da5c
1 changed files with 3 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
lib/efi_loader/efi_signature.c
View File

@@ -433,10 +433,11 @@ static bool efi_search_siglist(struct x509_certificate *cert,
* time64_t revocation_time; * time64_t revocation_time;
* }; * };
*/ */
if ((sig_data->size == SHA256_SUM_LEN) && if ((sig_data->size >= SHA256_SUM_LEN + sizeof(time64_t)) &&
!memcmp(sig_data->data, hash, SHA256_SUM_LEN)) { !memcmp(sig_data->data, msg, SHA256_SUM_LEN)) {
memcpy(revoc_time, sig_data->data + SHA256_SUM_LEN, memcpy(revoc_time, sig_data->data + SHA256_SUM_LEN,
sizeof(*revoc_time)); sizeof(*revoc_time));
EFI_PRINT("revocation time: 0x%llx\n", *revoc_time);
found = true; found = true;
goto out; goto out;
} }