@@ -480,11 +480,15 @@ static efi_status_t efi_variable_authenticate(u16 *variable,
if (guidcmp(&auth->auth_info.cert_type, &efi_guid_cert_type_pkcs7))
goto err;
+ memcpy(×tamp, &auth->time_stamp, sizeof(timestamp));
+ if (timestamp.pad1 || timestamp.nanosecond || timestamp.timezone ||
+ timestamp.daylight || timestamp.pad2)
+ goto err;
+
*data += sizeof(auth->time_stamp) + auth->auth_info.hdr.dwLength;
*data_size -= (sizeof(auth->time_stamp)
+ auth->auth_info.hdr.dwLength);
- memcpy(×tamp, &auth->time_stamp, sizeof(timestamp));
memset(&tm, 0, sizeof(tm));
tm.tm_year = timestamp.year;
tm.tm_mon = timestamp.month;
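Review bot: The added check rejects non-zero `pad1`, `nanosecond`, `timezone`, `daylight` and `pad2`, but the fields that are actually consumed, `timestamp.year` and `timestamp.month` (and presumably day, hour, minute and second after the hunk), are still copied into `tm` without a range check. The timestamp comes from the authentication descriptor supplied with the variable write and presumably feeds a time comparison later in the function, so I would validate the used fields in the same place, e.g. `if (timestamp.month < 1 || timestamp.month > 12 || timestamp.day < 1 || timestamp.day > 31) goto err;`, with matching bounds for hour, minute and second. A one-line comment above the new `if`, such as `/* UEFI: the unused EFI_TIME fields of the time stamp must be zero */`, would record why exactly these five fields are tested. The function starts before and continues past this hunk, so the status returned at `err` for a malformed descriptor should be confirmed there.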
The UEFI specification requires that, when UEFI variables are set using time-based authentication, we check that the unused fields of the timestamp are zero. Signed-off-by: Heinrich Schuchardt <xypron.glpk at gmx.de> --- lib/efi_loader/efi_variable.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) -- 2.27.0