From 73de814a5f30c2c6d82736082c1114a028d12115 Mon Sep 17 00:00:00 2001 From: Laszlo Ersek Date: Fri, 31 Jan 2020 12:42:41 +0100 Subject: [PATCH 05/12] SecurityPkg/DxeImageVerificationHandler: narrow down PE/COFF hash status MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit RH-Author: Laszlo Ersek Message-id: <20200131124248.22369-6-lersek@redhat.com> Patchwork-id: 93615 O-Subject: [RHEL-8.2.0 edk2 PATCH 05/12] SecurityPkg/DxeImageVerificationHandler: narrow down PE/COFF hash status Bugzilla: 1751993 RH-Acked-by: Philippe Mathieu-Daudé RH-Acked-by: Vitaly Kuznetsov Inside the "for" loop that scans the signatures of the image, we call HashPeImageByType(), and assign its return value to "Status". Beyond the immediate retval check, this assignment is useless (never consumed). That's because a subsequent access to "Status" may only be one of the following: - the "Status" assignment when we call HashPeImageByType() in the next iteration of the loop, - the "Status = EFI_ACCESS_DENIED" assignment right after the final "IsVerified" check. To make it clear that the assignment is only useful for the immediate HashPeImageByType() retval check, introduce a specific helper variable, called "HashStatus". This patch is a no-op, functionally. Cc: Chao Zhang Cc: Jian J Wang Cc: Jiewen Yao Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=2129 Signed-off-by: Laszlo Ersek Message-Id: <20200116190705.18816-5-lersek@redhat.com> Reviewed-by: Michael D Kinney [lersek@redhat.com: push with Mike's R-b due to Chinese New Year Holiday: ; msgid ] (cherry picked from commit 47650a5cab608e07c31d66bdb9b4cc6e58bdf22f) Signed-off-by: Miroslav Rezanina --- .../Library/DxeImageVerificationLib/DxeImageVerificationLib.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c index e6c8a54..5cc82c1 100644 --- a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c +++ b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c @@ -1581,6 +1581,7 @@ DxeImageVerificationHandler ( UINT32 OffSet; CHAR16 *NameStr; RETURN_STATUS PeCoffStatus; + EFI_STATUS HashStatus; SignatureList = NULL; SignatureListSize = 0; @@ -1802,8 +1803,8 @@ DxeImageVerificationHandler ( continue; } - Status = HashPeImageByType (AuthData, AuthDataSize); - if (EFI_ERROR (Status)) { + HashStatus = HashPeImageByType (AuthData, AuthDataSize); + if (EFI_ERROR (HashStatus)) { continue; } -- 1.8.3.1