Blame SOURCES/0058-Don-t-call-AuthenticodeVerify-if-vendor_cert_size-is.patch

4210fa
From 3d1cdbc4e3815dd8e489b8a9c95e945b67d3a045 Mon Sep 17 00:00:00 2001
4210fa
From: Peter Jones <pjones@redhat.com>
4210fa
Date: Fri, 19 Sep 2014 11:48:56 -0400
4210fa
Subject: [PATCH 58/74] Don't call AuthenticodeVerify if vendor_cert_size is 0.
4210fa
4210fa
Actually check the size of our vendor cert quite early, so that there's
4210fa
no confusion as to what's going on.
4210fa
4210fa
This isn't strictly necessary, in that in all cases if vendor_cert_size
4210fa
is 0, then AuthenticodeVerify -> Pkcs7Verify() -> d2i_X509() will result
4210fa
in a NULL "Cert", and it will return FALSE, and we'll reject the
4210fa
signature, but better to avoid all that code in the first place.  Belt
4210fa
and suspenders and whatnot.
4210fa
4210fa
Based on a patch from https://github.com/TBOpen .
4210fa
4210fa
Signed-off-by: Peter Jones <pjones@redhat.com>
4210fa
---
4210fa
 shim.c | 9 ++++-----
4210fa
 1 file changed, 4 insertions(+), 5 deletions(-)
4210fa
4210fa
diff --git a/shim.c b/shim.c
4210fa
index cfa90d1..caa05d8 100644
4210fa
--- a/shim.c
4210fa
+++ b/shim.c
4210fa
@@ -923,14 +923,13 @@ static EFI_STATUS verify_buffer (char *data, int datasize,
4210fa
 			return status;
4210fa
 		}
4210fa
 
4210fa
-
4210fa
 		/*
4210fa
 		 * And finally, check against shim's built-in key
4210fa
 		 */
4210fa
-		if (AuthenticodeVerify(cert->CertData,
4210fa
-			       context->SecDir->Size - sizeof(cert->Hdr),
4210fa
-			       vendor_cert, vendor_cert_size, sha256hash,
4210fa
-			       SHA256_DIGEST_SIZE)) {
4210fa
+		if (vendor_cert_size && AuthenticodeVerify(cert->CertData,
4210fa
+							context->SecDir->Size - sizeof(cert->Hdr),
4210fa
+							vendor_cert, vendor_cert_size, sha256hash,
4210fa
+							SHA256_DIGEST_SIZE)) {
4210fa
 			status = EFI_SUCCESS;
4210fa
 			return status;
4210fa
 		}
4210fa
-- 
4210fa
1.9.3
4210fa