Applied in r14556. Thanks for the contribution.
On Wed, Jul 31, 2013 at 7:21 PM, Gary Ching-Pang Lin <g...@suse.com> wrote: > When enrolling the certificate from a file, the suffix check function > check the last 4 characters to filter out non-DER files. However, > if the length of the file name is less than 4, the address prior to > the file name will be accessed while it shouldn't. This commit checks > the length of the file name to avoid illegal access. > > Contributed-under: TianoCore Contribution Agreement 1.0 > Signed-off-by: Gary Ching-Pang Lin <g...@suse.com> > --- > OvmfPkg/SecureBootConfigDxe/SecureBootConfigImpl.c | 21 ++++++++++++++++++--- > 1 file changed, 18 insertions(+), 3 deletions(-) > > diff --git a/OvmfPkg/SecureBootConfigDxe/SecureBootConfigImpl.c > b/OvmfPkg/SecureBootConfigDxe/SecureBootConfigImpl.c > index c82c0f4..928740a 100644 > --- a/OvmfPkg/SecureBootConfigDxe/SecureBootConfigImpl.c > +++ b/OvmfPkg/SecureBootConfigDxe/SecureBootConfigImpl.c > @@ -373,6 +373,7 @@ EnrollPlatformKey ( > UINTN DataSize; > EFI_SIGNATURE_LIST *PkCert; > UINT16* FilePostFix; > + UINTN NameLength; > > if (Private->FileContext->FileName == NULL) { > return EFI_INVALID_PARAMETER; > @@ -383,7 +384,11 @@ EnrollPlatformKey ( > // > // Parse the file's postfix. Only support DER encoded X.509 certificate > files. > // > - FilePostFix = Private->FileContext->FileName + StrLen > (Private->FileContext->FileName) - 4; > + NameLength = StrLen (Private->FileContext->FileName); > + if (NameLength <= 4) { > + return EFI_INVALID_PARAMETER; > + } > + FilePostFix = Private->FileContext->FileName + NameLength - 4; > if (!IsDerEncodeCertificate(FilePostFix)) { > DEBUG ((EFI_D_ERROR, "Unsupported file type, only DER encoded > certificate (%s) is supported.", mSupportX509Suffix)); > return EFI_INVALID_PARAMETER; > @@ -766,6 +771,7 @@ EnrollKeyExchangeKey ( > ) > { > UINT16* FilePostFix; > + UINTN NameLength; > > if ((Private->FileContext->FileName == NULL) || (Private->SignatureGUID == > NULL)) { > return EFI_INVALID_PARAMETER; 
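Review bot: The length guard added before the `FilePostFix` computation in EnrollPlatformKey (@@ -383) is pasted again, line for line, into EnrollKeyExchangeKey (@@ -775) and EnrollSignatureDatabase (@@ -1516), so the bounds check now lives in three places and a later caller can miss it. A small file-local helper that returns the suffix pointer, or NULL when the name is too short, would keep the check next to the pointer arithmetic it protects; the helper name below is only a suggestion. `NameLength <= 4` also rejects a name of exactly four characters, which would not read before the buffer. If that is intended (a name that is nothing but an extension), a comment should say so, because the commit message speaks only of names shorter than 4. All three function bodies start and end outside their hunks, so the sketch shows only the helper and one call site.

```c
//
// Return a pointer to the last four characters of FileName, or NULL when the
// name is too short to hold a base name plus a 4-character suffix. Rejecting
// short names keeps the result inside the FileName buffer.
//
STATIC
UINT16 *
GetFilePostFix (
  IN UINT16  *FileName
  )
{
  UINTN  NameLength;

  NameLength = StrLen (FileName);
  if (NameLength <= 4) {
    return NULL;
  }

  return FileName + NameLength - 4;
}

// … unchanged: EnrollPlatformKey declarations and FileName NULL check …
  FilePostFix = GetFilePostFix (Private->FileContext->FileName);
  if (FilePostFix == NULL) {
    return EFI_INVALID_PARAMETER;
  }
  if (!IsDerEncodeCertificate(FilePostFix)) {
// … unchanged: unsupported-type DEBUG message and return …
```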
> @@ -775,7 +781,11 @@ EnrollKeyExchangeKey ( > // Parse the file's postfix. Supports DER-encoded X509 certificate, > // and .pbk as RSA public key file. > // > - FilePostFix = Private->FileContext->FileName + StrLen > (Private->FileContext->FileName) - 4; > + NameLength = StrLen (Private->FileContext->FileName); > + if (NameLength <= 4) { > + return EFI_INVALID_PARAMETER; > + } > + FilePostFix = Private->FileContext->FileName + NameLength - 4; > if (IsDerEncodeCertificate(FilePostFix)) { > return EnrollX509ToKek (Private); > } else if (CompareMem (FilePostFix, L".pbk",4) == 0) { > @@ -1508,6 +1518,7 @@ EnrollSignatureDatabase ( > ) > { > UINT16* FilePostFix; > + UINTN NameLength; > > if ((Private->FileContext->FileName == NULL) || > (Private->FileContext->FHandle == NULL) || (Private->SignatureGUID == NULL)) { > return EFI_INVALID_PARAMETER; 
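Review bot: The `.pbk` branch kept as context in the EnrollKeyExchangeKey hunk (@@ -775), `CompareMem (FilePostFix, L".pbk",4) == 0`, passes a length of 4, and CompareMem counts bytes, so with 16-bit characters only the first two characters (`.p`) of the suffix are compared. The choice of enrollment path for a KEK file therefore rests on a looser match than the comment above it describes, which is worth tightening while this suffix code is being touched. Comparing the whole suffix, for example `} else if (StrCmp (FilePostFix, L".pbk") == 0) {` or a length of `4 * sizeof (CHAR16)`, would match what the comment says. FilePostFix is NUL-terminated at that point because it addresses the last four characters of the name. EnrollKeyExchangeKey's body continues outside the hunk, so what the `.pbk` branch then does with the file is not visible here.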
> @@ -1516,7 +1527,11 @@ EnrollSignatureDatabase ( > // > // Parse the file's postfix. > // > - FilePostFix = Private->FileContext->FileName + StrLen > (Private->FileContext->FileName) - 4; > + NameLength = StrLen (Private->FileContext->FileName); > + if (NameLength <= 4) { > + return EFI_INVALID_PARAMETER; > + } > + FilePostFix = Private->FileContext->FileName + NameLength - 4; > if (IsDerEncodeCertificate(FilePostFix)) { > // > // Supports DER-encoded X509 certificate. > -- > 1.8.1.4 > > > ------------------------------------------------------------------------------ > Get your SQL database under version control now! > Version control is standard for application code, but databases havent > caught up. So what steps can you take to put your SQL databases under > version control? Why should you start doing it? Read more to find out. > http://pubads.g.doubleclick.net/gampad/clk?id=49501711&iu=/4140/ostg.clktrk > _______________________________________________ > edk2-devel mailing list > edk2-devel@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/edk2-devel ------------------------------------------------------------------------------ Get 100% visibility into Java/.NET code with AppDynamics Lite! It's a free troubleshooting tool designed for production. Get down to code-level detail for bottlenecks, with <2% overhead. Download for free and get started troubleshooting in minutes. http://pubads.g.doubleclick.net/gampad/clk?id=48897031&iu=/4140/ostg.clktrk _______________________________________________ edk2-devel mailing list edk2-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/edk2-devel