Fix a bug in DxeImageVerificationLib to use the correct certificate length when verifying a signed EFI image.

Signed-off-by: Fu Siyuan <siyuan.fu@intel.com> Reviewed-by: Dong Guo <guo.dong@intel.com> Reviewed-by: Ye Ting <ting.ye@intel.com> git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13364 6f19259b-4bc3-4df7-8a09-765794883524
2025-07-26 23:24:03 +02:00 · 2012-05-28 04:51:53 +00:00 · 2012-05-28 04:51:53 +00:00 · 4ef15e6e33
commit 4ef15e6e33
parent 97627ad45a
1 changed files with 1 additions and 1 deletions
--- a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c
+++ b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c
@ -946,7 +946,7 @@ IsPkcsSignedDataVerifiedBySignatureList (
          //
          VerifyStatus = AuthenticodeVerify (
                           PkcsCertData->CertData,
-                           mSecDataDir->Size - sizeof(PkcsCertData->Hdr),
+                           PkcsCertData->Hdr.dwLength - sizeof(PkcsCertData->Hdr),
                           RootCert,
                           RootCertSize,
                           mImageDigest,