NetworkPkg/TlsAuthConfigDxe: fix TlsCaCertificate attributes retrieval

Per spec, the GetVariable() runtime service is not required to populate
(*Attributes) on output when it fails with EFI_BUFFER_TOO_SMALL.

Therefore we have to fetch the full contents of the TlsCaCertificate
variable temporarily, just so we can (a) get the current attributes, and
(b) add EFI_VARIABLE_APPEND_WRITE to them for the subsequent SetVariable()
call.

Cc: Jiaxin Wu <jiaxin.wu@intel.com>
Cc: Siyuan Fu <siyuan.fu@intel.com>
Cc: Songpeng Li <songpeng.li@intel.com>
Reported-by: Songpeng Li <songpeng.li@intel.com>
Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=1090
Fixes: b90c335fbb
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Tested-by: Songpeng Li <songpeng.li@intel.com>
Reviewed-by: Wu Jiaxin <jiaxin.wu@intel.com>
Reviewed-by: Fu Siyuan <siyuan.fu@intel.com>
Laszlo Ersek 2018-08-17 15:12:38 +02:00
parent d00759b212
commit 6896efdec2
1 changed files with 26 additions and 1 deletions

@ -663,6 +663,7 @@ EnrollX509toVariable (
EFI_SIGNATURE_LIST *CACert;
EFI_SIGNATURE_DATA *CACertData;
VOID *Data;
VOID *CurrentData;
UINTN DataSize;
UINTN SigDataSize;
UINT32 Attr;
@ -674,6 +675,7 @@ EnrollX509toVariable (
CACert = NULL;
CACertData = NULL;
Data = NULL;
CurrentData = NULL;
Attr = 0;
Status = ReadFileContent (
@ -716,11 +718,30 @@ EnrollX509toVariable (
Status = gRT->GetVariable(
VariableName,
&gEfiTlsCaCertificateGuid,
&Attr,
NULL,
&DataSize,
NULL
);
if (Status == EFI_BUFFER_TOO_SMALL) {
//
// Per spec, we have to fetch the variable's contents, even though we're
// only interested in the variable's attributes.
//
CurrentData = AllocatePool (DataSize);
if (CurrentData == NULL) {
Status = EFI_OUT_OF_RESOURCES;
goto ON_EXIT;
}
Status = gRT->GetVariable(
VariableName,
&gEfiTlsCaCertificateGuid,
&Attr,
&DataSize,
CurrentData
);
if (EFI_ERROR (Status)) {
goto ON_EXIT;
}
Attr |= EFI_VARIABLE_APPEND_WRITE;
} else if (Status == EFI_NOT_FOUND) {
Attr = TLS_AUTH_CONFIG_VAR_BASE_ATTR;
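Review bot: In the new EFI_BUFFER_TOO_SMALL branch, CurrentData is fetched only so that Attr gets populated and is not used again in the visible lines, yet it stays allocated until ON_EXIT. Consider freeing it (and resetting it to NULL) right after the second GetVariable() call succeeds, so the copy of the certificate database lives no longer than needed, or extend the comment to say the buffer is intentionally discarded. This branch also depends on DataSize holding the size reported by the first probe call; the hunk does not show where DataSize is zeroed before that probe, so it is worth confirming the probe cannot run with a stale non-zero size. Minor style point: the added call is written `gRT->GetVariable(` while `AllocatePool (DataSize)` two lines above it has the space before the parenthesis; using the same spacing in the new code would keep the branch consistent.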
@ -751,6 +772,10 @@ ON_EXIT:
FreePool (Data);
}
if (CurrentData != NULL) {
FreePool (CurrentData);
}
if (X509Data != NULL) {
FreePool (X509Data);
}