tyler.durden
/
audk
mirror of https://github.com/acidanthera/audk.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Removes redundant code and adds data size check for certificate data in DxeImageVerificationLib. 

Signed-off by: Ye Ting <ting.ye@intel.com>
Reviewed-by: Dong Eric <yong.dong@intel.com>


git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13291 6f19259b-4bc3-4df7-8a09-765794883524
This commit is contained in:
tye1 2012-05-08 02:53:49 +00:00
parent 4233bf7066
commit badd40f9d4
1 changed files with 24 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

39
SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c
View File

@ -251,8 +251,6 @@ HashPeImage (
EFI_IMAGE_SECTION_HEADER *SectionHeader; EFI_IMAGE_SECTION_HEADER *SectionHeader;
UINTN Index; UINTN Index;
UINTN Pos; UINTN Pos;
UINTN SumOfSectionBytes;
EFI_IMAGE_SECTION_HEADER *SectionCache;
UINT32 CertSize; UINT32 CertSize;
UINT32 NumberOfRvaAndSizes; UINT32 NumberOfRvaAndSizes;
@ -433,11 +431,6 @@ HashPeImage (
mNtHeader.Pe32->FileHeader.SizeOfOptionalHeader mNtHeader.Pe32->FileHeader.SizeOfOptionalHeader
); );
SectionCache = Section;
for (Index = 0, SumOfSectionBytes = 0; Index < mNtHeader.Pe32->FileHeader.NumberOfSections; Index++, SectionCache++) {
SumOfSectionBytes += SectionCache->SizeOfRawData;
}
// //
// 11. Build a temporary table of pointers to all the IMAGE_SECTION_HEADER // 11. Build a temporary table of pointers to all the IMAGE_SECTION_HEADER
// structures in the image. The 'NumberOfSections' field of the image // structures in the image. The 'NumberOfSections' field of the image
@ -557,6 +550,10 @@ HashPeImageByType (
PkcsCertData = (WIN_CERTIFICATE_EFI_PKCS *) (mImageBase + mSecDataDir->VirtualAddress); PkcsCertData = (WIN_CERTIFICATE_EFI_PKCS *) (mImageBase + mSecDataDir->VirtualAddress);
if (PkcsCertData->Hdr.dwLength < sizeof (WIN_CERTIFICATE_EFI_PKCS) + 32) {
return EFI_UNSUPPORTED;
}
for (Index = 0; Index < HASHALG_MAX; Index++) { for (Index = 0; Index < HASHALG_MAX; Index++) {
// //
// Check the Hash algorithm in PE/COFF Authenticode. // Check the Hash algorithm in PE/COFF Authenticode.
@ -577,6 +574,10 @@ HashPeImageByType (
continue; continue;
} }
if (PkcsCertData->Hdr.dwLength < sizeof (WIN_CERTIFICATE_EFI_PKCS) + 32 + mHash[Index].OidLength) {
return EFI_UNSUPPORTED;
}
if (CompareMem (PkcsCertData->CertData + 32, mHash[Index].OidValue, mHash[Index].OidLength) == 0) { if (CompareMem (PkcsCertData->CertData + 32, mHash[Index].OidValue, mHash[Index].OidLength) == 0) {
break; break;
} }
@ -1214,6 +1215,7 @@ DxeImageVerificationHandler (
UINT8 *SecureBootEnable; UINT8 *SecureBootEnable;
PE_COFF_LOADER_IMAGE_CONTEXT ImageContext; PE_COFF_LOADER_IMAGE_CONTEXT ImageContext;
UINT32 NumberOfRvaAndSizes; UINT32 NumberOfRvaAndSizes;
UINT32 CertSize;
if (File == NULL) { if (File == NULL) {
return EFI_INVALID_PARAMETER; return EFI_INVALID_PARAMETER;
@ -1321,7 +1323,9 @@ DxeImageVerificationHandler (
goto Done; goto Done;
} }
DosHdr = (EFI_IMAGE_DOS_HEADER *) mImageBase; Status = EFI_ACCESS_DENIED;
DosHdr = (EFI_IMAGE_DOS_HEADER *) mImageBase;
if (DosHdr->e_magic == EFI_IMAGE_DOS_SIGNATURE) { if (DosHdr->e_magic == EFI_IMAGE_DOS_SIGNATURE) {
// //
// DOS image header is present, // DOS image header is present,
@ -1339,7 +1343,6 @@ DxeImageVerificationHandler (
// //
// It is not a valid Pe/Coff file. // It is not a valid Pe/Coff file.
// //
Status = EFI_ACCESS_DENIED;
goto Done; goto Done;
} }
@ -1374,8 +1377,6 @@ DxeImageVerificationHandler (
// //
// Image Hash is in forbidden database (DBX). // Image Hash is in forbidden database (DBX).
// //
Action = EFI_IMAGE_EXECUTION_AUTH_UNTESTED;
Status = EFI_ACCESS_DENIED;
goto Done; goto Done;
} }
@ -1389,8 +1390,6 @@ DxeImageVerificationHandler (
// //
// Image Hash is not found in both forbidden and allowed database. // Image Hash is not found in both forbidden and allowed database.
// //
Action = EFI_IMAGE_EXECUTION_AUTH_UNTESTED;
Status = EFI_ACCESS_DENIED;
goto Done; goto Done;
} }
@ -1399,9 +1398,20 @@ DxeImageVerificationHandler (
// //
WinCertificate = (WIN_CERTIFICATE *) (mImageBase + mSecDataDir->VirtualAddress); WinCertificate = (WIN_CERTIFICATE *) (mImageBase + mSecDataDir->VirtualAddress);
CertSize = sizeof (WIN_CERTIFICATE);
if ((mSecDataDir->Size <= CertSize) || (mSecDataDir->Size < WinCertificate->dwLength)) {
goto Done;
}
switch (WinCertificate->wCertificateType) { switch (WinCertificate->wCertificateType) {
case WIN_CERT_TYPE_EFI_GUID: case WIN_CERT_TYPE_EFI_GUID:
CertSize = sizeof (WIN_CERTIFICATE_UEFI_GUID) + sizeof (EFI_CERT_BLOCK_RSA_2048_SHA256) - sizeof (UINT8);
if (WinCertificate->dwLength < CertSize) {
goto Done;
}
// //
// Verify UEFI GUID type. // Verify UEFI GUID type.
// //
@ -1416,7 +1426,7 @@ DxeImageVerificationHandler (
// //
// Verify Pkcs signed data type. // Verify Pkcs signed data type.
// //
Status = HashPeImageByType(); Status = HashPeImageByType();
if (EFI_ERROR (Status)) { if (EFI_ERROR (Status)) {
goto Done; goto Done;
} }
@ -1435,7 +1445,6 @@ DxeImageVerificationHandler (
break; break;
default: default:
Status = EFI_ACCESS_DENIED;
goto Done; goto Done;
} }
// //