render / rpms / edk2

Forked from rpms/edk2 3 months ago
Clone
Source Code
GIT

Blame SOURCES/edk2-SecurityPkg-DxeImageVerificationHandler-fix-retval-f.patch

c8 c8-beta c8s c8s-sig-hyperscale c9 c9-beta edk2-hyperscale
  1.   63d87e251caa5ac03942a02b780495b62f2ff767
  2.   SOURCES
  3.   edk2-SecurityPkg-DxeImageVerificationHandler-fix-retval-f.patch
Blob History Raw
63d87e 
From e2efec69c63703c324099b987204a38fdb0d9d6f Mon Sep 17 00:00:00 2001
63d87e 
From: Laszlo Ersek <lersek@redhat.com>
63d87e 
Date: Fri, 31 Jan 2020 12:42:46 +0100
63d87e 
Subject: [PATCH 10/12] SecurityPkg/DxeImageVerificationHandler: fix retval for
63d87e 
 (FileBuffer==NULL)
63d87e 
MIME-Version: 1.0
63d87e 
Content-Type: text/plain; charset=UTF-8
63d87e 
Content-Transfer-Encoding: 8bit
63d87e
63d87e 
RH-Author: Laszlo Ersek <lersek@redhat.com>
63d87e 
Message-id: <20200131124248.22369-11-lersek@redhat.com>
63d87e 
Patchwork-id: 93613
63d87e 
O-Subject: [RHEL-8.2.0 edk2 PATCH 10/12] SecurityPkg/DxeImageVerificationHandler: fix retval for (FileBuffer==NULL)
63d87e 
Bugzilla: 1751993
63d87e 
RH-Acked-by: Philippe Mathieu-Daudé <philmd@redhat.com>
63d87e 
RH-Acked-by: Vitaly Kuznetsov <vkuznets@redhat.com>
63d87e
63d87e 
"FileBuffer" is a non-optional input (pointer) parameter to
63d87e 
DxeImageVerificationHandler(). Normally, when an edk2 function receives a
63d87e 
NULL argument for such a parameter, we return EFI_INVALID_PARAMETER or
63d87e 
RETURN_INVALID_PARAMETER. However, those don't conform to the
63d87e 
SECURITY2_FILE_AUTHENTICATION_HANDLER prototype.
63d87e
63d87e 
Return EFI_ACCESS_DENIED when "FileBuffer" is NULL; it means that no image
63d87e 
has been loaded.
63d87e
63d87e 
This patch does not change the control flow in the function, it only
63d87e 
changes the "Status" outcome from API-incompatible error codes to
63d87e 
EFI_ACCESS_DENIED, under some circumstances.
63d87e
63d87e 
Cc: Chao Zhang <chao.b.zhang@intel.com>
63d87e 
Cc: Jian J Wang <jian.j.wang@intel.com>
63d87e 
Cc: Jiewen Yao <jiewen.yao@intel.com>
63d87e 
Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=2129
63d87e 
Fixes: 570b3d1a7278df29878da87990e8366bd42d0ec5
63d87e 
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
63d87e 
Message-Id: <20200116190705.18816-10-lersek@redhat.com>
63d87e 
Reviewed-by: Michael D Kinney <michael.d.kinney@intel.com>
63d87e 
[lersek@redhat.com: push with Mike's R-b due to Chinese New Year
63d87e 
 Holiday: <https://edk2.groups.io/g/devel/message/53429>; msgid
63d87e 
 <d3fbb76dabed4e1987c512c328c82810@intel.com>]
63d87e 
(cherry picked from commit 6d57592740cdd0b6868baeef7929d6e6fef7a8e3)
63d87e
63d87e 
Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
63d87e 
---
63d87e 
 SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c | 2 +-
63d87e 
 1 file changed, 1 insertion(+), 1 deletion(-)
63d87e
63d87e 
diff --git a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c
63d87e 
index b49fe87..c98b9e4 100644
63d87e 
--- a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c
63d87e 
+++ b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c
63d87e 
@@ -1655,7 +1655,7 @@ DxeImageVerificationHandler (
63d87e 
   // Read the Dos header.
63d87e 
   //
63d87e 
   if (FileBuffer == NULL) {
63d87e 
-    return EFI_INVALID_PARAMETER;
63d87e 
+    return EFI_ACCESS_DENIED;
63d87e 
   }
63d87e
63d87e 
   mImageBase  = (UINT8 *) FileBuffer;
63d87e 
--
63d87e 
1.8.3.1
63d87e

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation