diff mbox series

[v2,08/17] efi_loader: signature: fix a size check against revocation list

Message ID 20200609050947.17861-9-takahiro.akashi@linaro.org
State Superseded
Headers show
Series efi_loader: rework/improve UEFI secure boot code | expand

Commit Message

AKASHI Takahiro June 9, 2020, 5:09 a.m. UTC
Since the size check against an entry in efi_search_siglist() is
incorrect, this function will never find out a to-be-matched certificate
and its associated revocation time in the signature list.

Signed-off-by: AKASHI Takahiro <takahiro.akashi at linaro.org>
---
 lib/efi_loader/efi_signature.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff mbox series

Patch

diff --git a/lib/efi_loader/efi_signature.c b/lib/efi_loader/efi_signature.c
index a05c75472721..f22dc151971f 100644
--- a/lib/efi_loader/efi_signature.c
+++ b/lib/efi_loader/efi_signature.c
@@ -434,10 +434,11 @@  static bool efi_search_siglist(struct x509_certificate *cert,
 		 *	time64_t revocation_time;
 		 * };
 		 */
-		if ((sig_data->size == SHA256_SUM_LEN) &&
-		    !memcmp(sig_data->data, hash, SHA256_SUM_LEN)) {
+		if ((sig_data->size >= SHA256_SUM_LEN + sizeof(time64_t)) &&
+		    !memcmp(sig_data->data, msg, SHA256_SUM_LEN)) {
 			memcpy(revoc_time, sig_data->data + SHA256_SUM_LEN,
 			       sizeof(*revoc_time));
+			EFI_PRINT("revocation time: %llu\n", *revoc_time);
 			found = true;
 			goto out;
 		}