Reviewed-by: Jiewen Yao <jiewen....@intel.com> > -----Original Message----- > From: Wang, Jian J <jian.j.w...@intel.com> > Sent: Thursday, February 6, 2020 10:19 PM > To: devel@edk2.groups.io > Cc: Yao, Jiewen <jiewen....@intel.com>; Zhang, Chao B > <chao.b.zh...@intel.com>; Laszlo Ersek <ler...@redhat.com> > Subject: [PATCH 2/9] SecurityPkg/DxeImageVerificationLib: reject > CertStack.CertNumber==0 per DBX(CVE-2019-14575) > > In case the signers' certificate stack, retrieved from the PE/COFF image's > Authenticode blob, has zero elements (= there are zero signer certificates), > then we should consider the image forbidden by DBX, not accepted by DBX. > > Cc: Jiewen Yao <jiewen....@intel.com> > Cc: Chao Zhang <chao.b.zh...@intel.com> > Signed-off-by: Jian J Wang <jian.j.w...@intel.com> > Reviewed-by: Laszlo Ersek <ler...@redhat.com> > --- > .../Library/DxeImageVerificationLib/DxeImageVerificationLib.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git > a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c > b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c > index 74dbffa122..5dcd6efed5 100644 > --- a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c > +++ b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c > @@ -1326,7 +1326,7 @@ IsForbiddenByDbx ( > // UINT8 Certn[]; > > // > > Pkcs7GetSigners (AuthData, AuthDataSize, &CertBuffer, &BufferLength, > &TrustedCert, &TrustedCertLength); > > - if ((BufferLength == 0) || (CertBuffer == NULL)) { > > + if ((BufferLength == 0) || (CertBuffer == NULL) || (*CertBuffer) == 0) { > > IsForbidden = TRUE; > > goto Done; > > } > > -- > 2.24.0.windows.2
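Review bot: In the changed condition of the IsForbiddenByDbx hunk, the new term "(*CertBuffer) == 0" tests CertStack.CertNumber only implicitly, by dereferencing the start of the raw buffer, and nothing at the test says so. A one-line comment at the condition stating that the first element of the stack is CertNumber, or a named local for it, would let a reader see that the check matches the subject line; as written, only the layout comment above the call explains it. The term is also parenthesized differently from the two before it; "(*CertBuffer == 0)" would be consistent. The dereference is safe only because the NULL test comes first in the short-circuit chain, so that ordering should not be rearranged later. Separately, the context line shows the result of Pkcs7GetSigners being discarded, so a failed call is caught only through BufferLength and CertBuffer; checking the return value explicitly and treating failure as forbidden would make the fail-closed intent of this change hold regardless of what the out parameters contain after an error.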
View/Reply Online (#54346): https://edk2.groups.io/g/devel/message/54346