mirror of https://github.com/acidanthera/audk.git
d547f31c32
SVN r16380 ("UEFI 2.4 X509 Certificate Hash and RFC3161 Timestamp
Verification support for Secure Boot") broke the "dbt" variable's
association with its expected namespace GUID.
According to "MdePkg/Include/Guid/ImageAuthentication.h", *all* of the
"db", "dbx", and "dbt" (== EFI_IMAGE_SECURITY_DATABASE2) variables have
their special meanings in the EFI_IMAGE_SECURITY_DATABASE_GUID namespace.
However, the above commit introduced the following expression in
VariableServiceSetVariable():
> - } else if (CompareGuid (VendorGuid, &gEfiImageSecurityDatabaseGuid) &&
> - ((StrCmp (VariableName, EFI_IMAGE_SECURITY_DATABASE) == 0) || (StrCmp (VariableName, EFI_IMAGE_SECURITY_DATABASE1) == 0))) {
> + } else if (CompareGuid (VendorGuid, &gEfiImageSecurityDatabaseGuid) &&
> + ((StrCmp (VariableName, EFI_IMAGE_SECURITY_DATABASE) == 0) || (StrCmp (VariableName, EFI_IMAGE_SECURITY_DATABASE1) == 0))
> + || (StrCmp (VariableName, EFI_IMAGE_SECURITY_DATABASE2)) == 0) {
Simply replacing the individual expressions with the predicates
"GuidMatch", "DbMatch", "DbxMatch", and "DbtMatch", the above
transformation becomes:
> - } else if (GuidMatch &&
> - ((DbMatch) || (DbxMatch))) {
> + } else if (GuidMatch &&
> + ((DbMatch) || (DbxMatch))
> + || DbtMatch) {
In shorter form, we change
GuidMatch && (DbMatch || DbxMatch)
into
GuidMatch && (DbMatch || DbxMatch) || DbtMatch
which is incorrect, because this way "dbt" will match outside of the
intended namespace / GUID.
The error was caught by gcc:
> SecurityPkg/VariableAuthenticated/RuntimeDxe/Variable.c: In function
> 'VariableServiceSetVariable':
>
> SecurityPkg/VariableAuthenticated/RuntimeDxe/Variable.c:3188:71: error:
> suggest parentheses around '&&' within '||' [-Werror=parentheses]
>
> } else if (CompareGuid (VendorGuid, &gEfiImageSecurityDatabaseGuid) &&
> ^
> cc1: all warnings being treated as errors
Fix the parentheses.
This change may have security implications.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Qin Long <qin.long@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16389 6f19259b-4bc3-4df7-8a09-765794883524
|
||
|---|---|---|
| .. | ||
| AuthService.c | ||
| AuthService.h | ||
| Measurement.c | ||
| Reclaim.c | ||
| Variable.c | ||
| Variable.h | ||
| VariableAuthRuntimeDxe.uni | ||
| VariableAuthSmm.uni | ||
| VariableAuthSmmRuntimeDxe.uni | ||
| VariableDxe.c | ||
| VariableRuntimeDxe.inf | ||
| VariableRuntimeDxeExtra.uni | ||
| VariableSmm.c | ||
| VariableSmm.inf | ||
| VariableSmmExtra.uni | ||
| VariableSmmRuntimeDxe.c | ||
| VariableSmmRuntimeDxe.inf | ||
| VariableSmmRuntimeDxeExtra.uni | ||