tyler.durden/audk
1
0
Fork 0
mirror of https://github.com/acidanthera/audk.git synced 2025-07-25 14:44:28 +02:00
Code Issues Packages Projects Releases Wiki Activity

SecurityPkg Variable: Update code in ProcessVariable () to

Browse Source 
check IsDeleteAuthVariable () first and then check
UserPhysicalPresent () to avoid the case below.

PcdSetXX (a DynamicHii PCD) -> gRT->SetVariable ()
-> UserPhysicalPresent () -> PcdGetXX () 

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@17058 6f19259b-4bc3-4df7-8a09-765794883524
This commit is contained in:
Star Zeng 2015-03-17 03:25:16 +00:00 committed by lzeng14
parent 4f953ed721
commit 856236cad7
1 changed files with 23 additions and 25 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
SecurityPkg/VariableAuthenticated/RuntimeDxe/AuthService.c
View File

@ -1359,11 +1359,10 @@ ProcessVariable (
IsDeletion = FALSE; IsDeletion = FALSE;
Status = EFI_SUCCESS; Status = EFI_SUCCESS;
if (UserPhysicalPresent()) { if (IsDeleteAuthVariable (Data, DataSize, Variable, Attributes) && UserPhysicalPresent()) {
// //
// Allow the delete operation of common authenticated variable at user physical presence. // Allow the delete operation of common authenticated variable at user physical presence.
// //
if (IsDeleteAuthVariable (Data, DataSize, Variable, Attributes)) {
if ((Attributes & EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS) != 0) { if ((Attributes & EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS) != 0) {
Status = DeleteCertsFromDb (VariableName, VendorGuid); Status = DeleteCertsFromDb (VariableName, VendorGuid);
} }
@ -1382,14 +1381,13 @@ ProcessVariable (
} }
return Status; return Status;
} }
} else {
if (NeedPhysicallyPresent(VariableName, VendorGuid)) { if (NeedPhysicallyPresent (VariableName, VendorGuid) && !UserPhysicalPresent()) {
// //
// This variable is protected, only physical present user could modify its value. // This variable is protected, only physical present user could modify its value.
// //
return EFI_SECURITY_VIOLATION; return EFI_SECURITY_VIOLATION;
} }
}
// //
// A time-based authenticated variable and a count-based authenticated variable // A time-based authenticated variable and a count-based authenticated variable