SecurityPkg/DxeImageVerificationLib: tighten default result (CVE-2019-14575)

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1608

All intermediate results inside this function will be checked and
returned immediately upon any failure or error, like out-of-resource,
hash calculation error or certificate retrieval failure.

Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Chao Zhang <chao.b.zhang@intel.com>
Signed-off-by: Jian J Wang <jian.j.wang@intel.com>
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
This commit is contained in:
Jian J Wang 2019-09-17 11:04:33 +08:00 committed by mergify[bot]
parent a83dbf008c
commit 5cd8be6079
1 changed files with 10 additions and 1 deletions

View File

@ -1240,7 +1240,7 @@ IsForbiddenByDbx (
// //
// Variable Initialization // Variable Initialization
// //
IsForbidden = FALSE; IsForbidden = TRUE;
Data = NULL; Data = NULL;
CertList = NULL; CertList = NULL;
CertData = NULL; CertData = NULL;
@ -1257,7 +1257,14 @@ IsForbiddenByDbx (
// //
DataSize = 0; DataSize = 0;
Status = gRT->GetVariable (EFI_IMAGE_SECURITY_DATABASE1, &gEfiImageSecurityDatabaseGuid, NULL, &DataSize, NULL); Status = gRT->GetVariable (EFI_IMAGE_SECURITY_DATABASE1, &gEfiImageSecurityDatabaseGuid, NULL, &DataSize, NULL);
ASSERT (EFI_ERROR (Status));
if (Status != EFI_BUFFER_TOO_SMALL) { if (Status != EFI_BUFFER_TOO_SMALL) {
if (Status == EFI_NOT_FOUND) {
//
// Evidently not in dbx if the database doesn't exist.
//
IsForbidden = FALSE;
}
return IsForbidden; return IsForbidden;
} }
Data = (UINT8 *) AllocateZeroPool (DataSize); Data = (UINT8 *) AllocateZeroPool (DataSize);
@ -1374,6 +1381,8 @@ IsForbiddenByDbx (
} }
IsForbidden = FALSE;
Done: Done:
if (Data != NULL) { if (Data != NULL) {
FreePool (Data); FreePool (Data);