|
 |
6009e6 |
From e2efec69c63703c324099b987204a38fdb0d9d6f Mon Sep 17 00:00:00 2001
|
|
|
6009e6 |
From: Laszlo Ersek <lersek@redhat.com>
|
|
|
6009e6 |
Date: Fri, 31 Jan 2020 12:42:46 +0100
|
|
|
6009e6 |
Subject: [PATCH 10/12] SecurityPkg/DxeImageVerificationHandler: fix retval for
|
|
|
6009e6 |
(FileBuffer==NULL)
|
|
|
6009e6 |
MIME-Version: 1.0
|
|
|
6009e6 |
Content-Type: text/plain; charset=UTF-8
|
|
|
6009e6 |
Content-Transfer-Encoding: 8bit
|
|
|
6009e6 |
|
|
|
6009e6 |
RH-Author: Laszlo Ersek <lersek@redhat.com>
|
|
|
6009e6 |
Message-id: <20200131124248.22369-11-lersek@redhat.com>
|
|
|
6009e6 |
Patchwork-id: 93613
|
|
|
6009e6 |
O-Subject: [RHEL-8.2.0 edk2 PATCH 10/12] SecurityPkg/DxeImageVerificationHandler: fix retval for (FileBuffer==NULL)
|
|
|
6009e6 |
Bugzilla: 1751993
|
|
|
6009e6 |
RH-Acked-by: Philippe Mathieu-Daudé <philmd@redhat.com>
|
|
|
6009e6 |
RH-Acked-by: Vitaly Kuznetsov <vkuznets@redhat.com>
|
|
|
6009e6 |
|
|
|
6009e6 |
"FileBuffer" is a non-optional input (pointer) parameter to
|
|
|
6009e6 |
DxeImageVerificationHandler(). Normally, when an edk2 function receives a
|
|
|
6009e6 |
NULL argument for such a parameter, we return EFI_INVALID_PARAMETER or
|
|
|
6009e6 |
RETURN_INVALID_PARAMETER. However, those don't conform to the
|
|
|
6009e6 |
SECURITY2_FILE_AUTHENTICATION_HANDLER prototype.
|
|
|
6009e6 |
|
|
|
6009e6 |
Return EFI_ACCESS_DENIED when "FileBuffer" is NULL; it means that no image
|
|
|
6009e6 |
has been loaded.
|
|
|
6009e6 |
|
|
|
6009e6 |
This patch does not change the control flow in the function, it only
|
|
|
6009e6 |
changes the "Status" outcome from API-incompatible error codes to
|
|
|
6009e6 |
EFI_ACCESS_DENIED, under some circumstances.
|
|
|
6009e6 |
|
|
|
6009e6 |
Cc: Chao Zhang <chao.b.zhang@intel.com>
|
|
|
6009e6 |
Cc: Jian J Wang <jian.j.wang@intel.com>
|
|
|
6009e6 |
Cc: Jiewen Yao <jiewen.yao@intel.com>
|
|
|
6009e6 |
Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=2129
|
|
|
6009e6 |
Fixes: 570b3d1a7278df29878da87990e8366bd42d0ec5
|
|
|
6009e6 |
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
|
|
|
6009e6 |
Message-Id: <20200116190705.18816-10-lersek@redhat.com>
|
|
|
6009e6 |
Reviewed-by: Michael D Kinney <michael.d.kinney@intel.com>
|
|
|
6009e6 |
[lersek@redhat.com: push with Mike's R-b due to Chinese New Year
|
|
|
6009e6 |
Holiday: <https://edk2.groups.io/g/devel/message/53429>; msgid
|
|
|
6009e6 |
<d3fbb76dabed4e1987c512c328c82810@intel.com>]
|
|
|
6009e6 |
(cherry picked from commit 6d57592740cdd0b6868baeef7929d6e6fef7a8e3)
|
|
|
6009e6 |
|
|
|
6009e6 |
Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
|
|
|
6009e6 |
---
|
|
|
6009e6 |
SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c | 2 +-
|
|
|
6009e6 |
1 file changed, 1 insertion(+), 1 deletion(-)
|
|
|
6009e6 |
|
|
|
6009e6 |
diff --git a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c
|
|
|
6009e6 |
index b49fe87..c98b9e4 100644
|
|
|
6009e6 |
--- a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c
|
|
|
6009e6 |
+++ b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c
|
|
|
6009e6 |
@@ -1655,7 +1655,7 @@ DxeImageVerificationHandler (
|
|
|
6009e6 |
// Read the Dos header.
|
|
|
6009e6 |
//
|
|
|
6009e6 |
if (FileBuffer == NULL) {
|
|
|
6009e6 |
- return EFI_INVALID_PARAMETER;
|
|
|
6009e6 |
+ return EFI_ACCESS_DENIED;
|
|
|
6009e6 |
}
|
|
|
6009e6 |
|
|
|
6009e6 |
mImageBase = (UINT8 *) FileBuffer;
|
|
|
6009e6 |
--
|
|
|
6009e6 |
1.8.3.1
|
|
|
6009e6 |
|