From 5aa2d52451b7890480d31a3437a0024bfd9e1a57 Mon Sep 17 00:00:00 2001
From: Laszlo Ersek <lersek@redhat.com>
Date: Fri, 31 Jan 2020 12:42:39 +0100
Subject: [PATCH 03/12] SecurityPkg/DxeImageVerificationHandler: remove "else"
after return/break
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
RH-Author: Laszlo Ersek <lersek@redhat.com>
Message-id: <20200131124248.22369-4-lersek@redhat.com>
Patchwork-id: 93614
O-Subject: [RHEL-8.2.0 edk2 PATCH 03/12] SecurityPkg/DxeImageVerificationHandler: remove "else" after return/break
Bugzilla: 1751993
RH-Acked-by: Philippe Mathieu-Daudé <philmd@redhat.com>
RH-Acked-by: Vitaly Kuznetsov <vkuznets@redhat.com>
In the code structure
if (condition) {
//
// block1
//
return;
} else {
//
// block2
//
}
nesting "block2" in an "else" branch is superfluous, and harms
readability. It can be transformed to:
if (condition) {
//
// block1
//
return;
}
//
// block2
//
with identical behavior, and improved readability (less nesting).
The same applies to "break" (instead of "return") in a loop body.
Perform these transformations on DxeImageVerificationHandler().
This patch is a no-op for behavior. Use
git show -b -W
for reviewing it more easily.
Cc: Chao Zhang <chao.b.zhang@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=2129
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Message-Id: <20200116190705.18816-3-lersek@redhat.com>
Reviewed-by: Michael D Kinney <michael.d.kinney@intel.com>
[lersek@redhat.com: push with Mike's R-b due to Chinese New Year
Holiday: <https://edk2.groups.io/g/devel/message/53429>; msgid
<d3fbb76dabed4e1987c512c328c82810@intel.com>]
(cherry picked from commit eccb856f013aec700234211e7371f03454ef9d52)
Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
---
.../DxeImageVerificationLib.c | 41 +++++++++++-----------
1 file changed, 21 insertions(+), 20 deletions(-)
diff --git a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c
index 5afd723..8204c9c 100644
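--- a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c
+++ b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c
@@ -1621,7 +1621,8 @@ DxeImageVerificationHandler (
 //
 if (Policy == ALWAYS_EXECUTE) {
 return EFI_SUCCESS;
- } else if (Policy == NEVER_EXECUTE) {
+ }
+ if (Policy == NEVER_EXECUTE) {
 return EFI_ACCESS_DENIED;
 }
 
@@ -1833,7 +1834,8 @@ DxeImageVerificationHandler (
 DEBUG ((DEBUG_INFO, "DxeImageVerificationLib: Image is signed but %s hash of image is found in DBX.\n", mHashTypeStr));
 IsVerified = FALSE;
 break;
- } else if (!IsVerified) {
+ }
+ if (!IsVerified) {
 if (IsSignatureFoundInDatabase (EFI_IMAGE_SECURITY_DATABASE, mImageDigest, &mCertType, mImageDigestSize)) {
 IsVerified = TRUE;
 } else {
@@ -1851,25 +1853,24 @@ DxeImageVerificationHandler (
 
 if (IsVerified) {
 return EFI_SUCCESS;
- } else {
- Status = EFI_ACCESS_DENIED;
- if (Action == EFI_IMAGE_EXECUTION_AUTH_SIG_FAILED || Action == EFI_IMAGE_EXECUTION_AUTH_SIG_FOUND) {
- //
- // Get image hash value as signature of executable.
- //
- SignatureListSize = sizeof (EFI_SIGNATURE_LIST) + sizeof (EFI_SIGNATURE_DATA) - 1 + mImageDigestSize;
- SignatureList = (EFI_SIGNATURE_LIST *) AllocateZeroPool (SignatureListSize);
- if (SignatureList == NULL) {
- Status = EFI_OUT_OF_RESOURCES;
- goto Done;
- }
- SignatureList->SignatureHeaderSize = 0;
- SignatureList->SignatureListSize = (UINT32) SignatureListSize;
- SignatureList->SignatureSize = (UINT32) (sizeof (EFI_SIGNATURE_DATA) - 1 + mImageDigestSize);
- CopyMem (&SignatureList->SignatureType, &mCertType, sizeof (EFI_GUID));
- Signature = (EFI_SIGNATURE_DATA *) ((UINT8 *) SignatureList + sizeof (EFI_SIGNATURE_LIST));
- CopyMem (Signature->SignatureData, mImageDigest, mImageDigestSize);
+ }
+ Status = EFI_ACCESS_DENIED;
+ if (Action == EFI_IMAGE_EXECUTION_AUTH_SIG_FAILED || Action == EFI_IMAGE_EXECUTION_AUTH_SIG_FOUND) {
+ //
+ // Get image hash value as signature of executable.
+ //
+ SignatureListSize = sizeof (EFI_SIGNATURE_LIST) + sizeof (EFI_SIGNATURE_DATA) - 1 + mImageDigestSize;
+ SignatureList = (EFI_SIGNATURE_LIST *) AllocateZeroPool (SignatureListSize);
+ if (SignatureList == NULL) {
+ Status = EFI_OUT_OF_RESOURCES;
+ goto Done;
 }
+ SignatureList->SignatureHeaderSize = 0;
+ SignatureList->SignatureListSize = (UINT32) SignatureListSize;
+ SignatureList->SignatureSize = (UINT32) (sizeof (EFI_SIGNATURE_DATA) - 1 + mImageDigestSize);
+ CopyMem (&SignatureList->SignatureType, &mCertType, sizeof (EFI_GUID));
+ Signature = (EFI_SIGNATURE_DATA *) ((UINT8 *) SignatureList + sizeof (EFI_SIGNATURE_LIST));
+ CopyMem (Signature->SignatureData, mImageDigest, mImageDigestSize);
 }
 
 Done: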
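Review bot: In the last hunk the allocation-failure branch overwrites the deny verdict: `Status = EFI_ACCESS_DENIED;` is set first, but when `AllocateZeroPool` returns NULL the code assigns `Status = EFI_OUT_OF_RESOURCES;` before `goto Done;`, so an image that failed verification leaves with a resource error rather than an access-denied status. How the code after `Done:` and the callers interpret that status is outside this hunk, so this is a fail-closed consistency concern rather than a confirmed bypass. Since this patch is meant to be a behavioural no-op, a follow-up could drop the assignment and leave only `goto Done;` in that branch so the denial survives memory pressure. With the `else` gone the denial path is plain fall-through, so a comment such as `// Image failed verification: everything below runs only on the deny path.` above `Status = EFI_ACCESS_DENIED;` would keep that visible to the next reader.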
--
1.8.3.1