tyler.durden
/
audk
mirror of https://github.com/acidanthera/audk.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

SecurityPkg/DxeImageVerificationLib: tighten default result (CVE-2019-14575) 

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1608

All intermediate results inside this function will be checked and
returned immediately upon any failure or error, like out-of-resource,
hash calculation error or certificate retrieval failure.

Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Chao Zhang <chao.b.zhang@intel.com>
Signed-off-by: Jian J Wang <jian.j.wang@intel.com>
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
This commit is contained in:
Jian J Wang 2019-09-17 11:04:33 +08:00 committed by mergify[bot]
parent a83dbf008c
commit 5cd8be6079
1 changed files with 10 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c
View File

@ -1240,7 +1240,7 @@ IsForbiddenByDbx (
//
// Variable Initialization
//
IsForbidden = FALSE;
IsForbidden = TRUE;
Data = NULL;
CertList = NULL;
CertData = NULL;
@ -1257,7 +1257,14 @@ IsForbiddenByDbx (
//
DataSize = 0;
Status = gRT->GetVariable (EFI_IMAGE_SECURITY_DATABASE1, &gEfiImageSecurityDatabaseGuid, NULL, &DataSize, NULL);
ASSERT (EFI_ERROR (Status));
if (Status != EFI_BUFFER_TOO_SMALL) {
if (Status == EFI_NOT_FOUND) {
//
// Evidently not in dbx if the database doesn't exist.
//
IsForbidden = FALSE;
}
return IsForbidden;
}
Data = (UINT8 *) AllocateZeroPool (DataSize);
@ -1374,6 +1381,8 @@ IsForbiddenByDbx (
}
IsForbidden = FALSE;
Done:
if (Data != NULL) {
FreePool (Data);