mirror of https://github.com/acidanthera/audk.git
SecurityPkg Variable: Update code in ProcessVariable () to
check IsDeleteAuthVariable () first and then check UserPhysicalPresent () to avoid the case below. PcdSetXX (a DynamicHii PCD) -> gRT->SetVariable () -> UserPhysicalPresent () -> PcdGetXX () Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Star Zeng <star.zeng@intel.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@17058 6f19259b-4bc3-4df7-8a09-765794883524
This commit is contained in:
parent
4f953ed721
commit
856236cad7
|
@ -1359,36 +1359,34 @@ ProcessVariable (
|
|||
IsDeletion = FALSE;
|
||||
Status = EFI_SUCCESS;
|
||||
|
||||
if (UserPhysicalPresent()) {
|
||||
if (IsDeleteAuthVariable (Data, DataSize, Variable, Attributes) && UserPhysicalPresent()) {
|
||||
//
|
||||
// Allow the delete operation of common authenticated variable at user physical presence.
|
||||
//
|
||||
if (IsDeleteAuthVariable (Data, DataSize, Variable, Attributes)) {
|
||||
if ((Attributes & EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS) != 0) {
|
||||
Status = DeleteCertsFromDb (VariableName, VendorGuid);
|
||||
}
|
||||
if (!EFI_ERROR (Status)) {
|
||||
Status = UpdateVariable (
|
||||
VariableName,
|
||||
VendorGuid,
|
||||
NULL,
|
||||
0,
|
||||
0,
|
||||
0,
|
||||
0,
|
||||
Variable,
|
||||
NULL
|
||||
);
|
||||
}
|
||||
return Status;
|
||||
if ((Attributes & EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS) != 0) {
|
||||
Status = DeleteCertsFromDb (VariableName, VendorGuid);
|
||||
}
|
||||
} else {
|
||||
if (NeedPhysicallyPresent(VariableName, VendorGuid)) {
|
||||
//
|
||||
// This variable is protected, only physical present user could modify its value.
|
||||
//
|
||||
return EFI_SECURITY_VIOLATION;
|
||||
if (!EFI_ERROR (Status)) {
|
||||
Status = UpdateVariable (
|
||||
VariableName,
|
||||
VendorGuid,
|
||||
NULL,
|
||||
0,
|
||||
0,
|
||||
0,
|
||||
0,
|
||||
Variable,
|
||||
NULL
|
||||
);
|
||||
}
|
||||
return Status;
|
||||
}
|
||||
|
||||
if (NeedPhysicallyPresent (VariableName, VendorGuid) && !UserPhysicalPresent()) {
|
||||
//
|
||||
// This variable is protected, only physical present user could modify its value.
|
||||
//
|
||||
return EFI_SECURITY_VIOLATION;
|
||||
}
|
||||
|
||||
//
|
||||
|
|
Loading…
Reference in New Issue