From d9f12d175da2d203be078d03c9127293ea6fe86b Mon Sep 17 00:00:00 2001
From: Laszlo Ersek <lersek@redhat.com>
Date: Fri, 31 Jan 2020 12:42:47 +0100
Subject: [PATCH 11/12] SecurityPkg/DxeImageVerificationHandler: fix imgexec
info on memalloc fail
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
RH-Author: Laszlo Ersek <lersek@redhat.com>
Message-id: <20200131124248.22369-12-lersek@redhat.com>
Patchwork-id: 93618
O-Subject: [RHEL-8.2.0 edk2 PATCH 11/12] SecurityPkg/DxeImageVerificationHandler: fix imgexec info on memalloc fail
Bugzilla: 1751993
RH-Acked-by: Philippe Mathieu-Daudé <philmd@redhat.com>
RH-Acked-by: Vitaly Kuznetsov <vkuznets@redhat.com>
It makes no sense to call AddImageExeInfo() with (Signature == NULL) and
(SignatureSize > 0). AddImageExeInfo() does not crash in such a case -- it
avoids the CopyMem() call --, but it creates an invalid
EFI_IMAGE_EXECUTION_INFO record. Namely, the
"EFI_IMAGE_EXECUTION_INFO.InfoSize" field includes "SignatureSize", but
the actual signature bytes are not filled in.
Document and ASSERT() this condition in AddImageExeInfo().
In DxeImageVerificationHandler(), zero out "SignatureListSize" if we set
"SignatureList" to NULL due to AllocateZeroPool() failure.
(Another approach could be to avoid calling AddImageExeInfo() completely,
in case AllocateZeroPool() fails. Unfortunately, the UEFI v2.8 spec does
not seem to state clearly whether a signature is mandatory in
EFI_IMAGE_EXECUTION_INFO, if the "Action" field is
EFI_IMAGE_EXECUTION_AUTH_SIG_FAILED or EFI_IMAGE_EXECUTION_AUTH_SIG_FOUND.
For now, the EFI_IMAGE_EXECUTION_INFO addition logic is not changed; we
only make sure that the record we add is not malformed.)
Cc: Chao Zhang <chao.b.zhang@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=2129
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Message-Id: <20200116190705.18816-11-lersek@redhat.com>
Reviewed-by: Michael D Kinney <michael.d.kinney@intel.com>
[lersek@redhat.com: push with Mike's R-b due to Chinese New Year
Holiday: <https://edk2.groups.io/g/devel/message/53429>; msgid
<d3fbb76dabed4e1987c512c328c82810@intel.com>]
(cherry picked from commit 6aa31db5ebebe18b55aa5359142223a03592416f)
Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
---
SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c
index c98b9e4..015a5b6 100644
--- a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c
+++ b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c
@@ -704,7 +704,7 @@ GetImageExeInfoTableSize (
@param[in] Name Input a null-terminated, user-friendly name.
@param[in] DevicePath Input device path pointer.
@param[in] Signature Input signature info in EFI_SIGNATURE_LIST data structure.
- @param[in] SignatureSize Size of signature.
+ @param[in] SignatureSize Size of signature. Must be zero if Signature is NULL.
**/
VOID
@@ -761,6 +761,7 @@ AddImageExeInfo (
//
// Signature size can be odd. Pad after signature to ensure next EXECUTION_INFO entry align
//
+ ASSERT (Signature != NULL || SignatureSize == 0);
NewImageExeInfoEntrySize = sizeof (EFI_IMAGE_EXECUTION_INFO) + NameStringLen + DevicePathSize + SignatureSize;
NewImageExeInfoTable = (EFI_IMAGE_EXECUTION_INFO_TABLE *) AllocateRuntimePool (ImageExeInfoTableSize + NewImageExeInfoEntrySize);
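Review bot: The added `ASSERT (Signature != NULL || SignatureSize == 0);` enforces the contract only in builds where ASSERT() is active. Where asserts are compiled out (for example with MDEPKG_NDEBUG defined), a caller passing a NULL Signature with a non-zero SignatureSize would still produce a record whose InfoSize counts signature bytes that are never copied. SignatureSize appears to be a by-value [in] parameter, so a runtime normalisation next to the assertion would keep the execution-info table well-formed in every build: `if (Signature == NULL) { SignatureSize = 0; }`. The ASSERT also sits directly under the existing padding comment, so it would read better with its own line such as `// A NULL Signature must come with SignatureSize == 0, else InfoSize covers bytes that are never filled in.` AddImageExeInfo's body starts and ends outside this hunk.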
@@ -1858,6 +1859,7 @@ DxeImageVerificationHandler (
SignatureListSize = sizeof (EFI_SIGNATURE_LIST) + sizeof (EFI_SIGNATURE_DATA) - 1 + mImageDigestSize;
SignatureList = (EFI_SIGNATURE_LIST *) AllocateZeroPool (SignatureListSize);
if (SignatureList == NULL) {
+ SignatureListSize = 0;
goto Failed;
}
SignatureList->SignatureHeaderSize = 0;
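Review bot: The added `SignatureListSize = 0;` carries no comment explaining why a size is reset on an allocation failure, so the reason lives only in the commit message. Per that message, the Failed path hands both SignatureList and SignatureListSize to AddImageExeInfo(), which is outside this hunk. A short comment above the assignment would keep the pairing visible, e.g. `// Keep the size in sync with the NULL list; both are recorded via AddImageExeInfo() on the Failed path.` Any other path in DxeImageVerificationHandler() that reaches Failed with SignatureList still NULL needs the same pairing, which is worth confirming since the rest of the function is not visible here.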
--
1.8.3.1