Reviewed-by: Jiewen Yao
> -Original Message-
> From: Wang, Jian J
> Sent: Thursday, February 6, 2020 10:19 PM
> To: devel@edk2.groups.io
> Cc: Yao, Jiewen ; Zhang, Chao B
> ; Laszlo Ersek
> Subject: [PATCH 2/9] SecurityPkg/DxeImageVerificationLib: reject
> CertStack.CertNumber==0 per DBX(CVE-2019-14575)
>
> In case the signers' certificate stack, retrieved from the PE/COFF image's
> Authenticode blob, has zero elements (= there are zero signer certificates),
> then we should consider the image forbidden by DBX, not accepted by DBX.
>
> Cc: Jiewen Yao
> Cc: Chao Zhang
> Signed-off-by: Jian J Wang
> Reviewed-by: Laszlo Ersek
> ---
> .../Library/DxeImageVerificationLib/DxeImageVerificationLib.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git
> a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c
> b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c
> index 74dbffa122..5dcd6efed5 100644
> --- a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c
> +++ b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c
> @@ -1326,7 +1326,7 @@ IsForbiddenByDbx (
>// UINT8 Certn[];
>
>//
>
>Pkcs7GetSigners (AuthData, AuthDataSize, , ,
> , );
>
> - if ((BufferLength == 0) || (CertBuffer == NULL)) {
>
> + if ((BufferLength == 0) || (CertBuffer == NULL) || (*CertBuffer) == 0) {
>
> IsForbidden = TRUE;
>
> goto Done;
>
>}
>
> --
> 2.24.0.windows.2
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#54346): https://edk2.groups.io/g/devel/message/54346
Mute This Topic: https://groups.io/mt/71023418/21656
Group Owner: devel+ow...@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-