diff options
| author | Gary Ching-Pang Lin <glin@suse.com> | 2013-08-08 02:41:37 +0000 |
|---|---|---|
| committer | gdong1 <gdong1@6f19259b-4bc3-4df7-8a09-765794883524> | 2013-08-08 02:41:37 +0000 |
| commit | fd64f84f23cdaadf2456d75f5f7f8e24dd796bdc (patch) | |
| tree | 8426de0ee286d42080ef4b9d7f1333396c7c747a /SecurityPkg/VariableAuthenticated | |
| parent | 716e507720319cbeaf1cf1a030771033285fbb55 (diff) | |
Checks the length of the file name to avoid illegal access.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Gary Ching-Pang Lin <glin@suse.com>
Reviewed-by: Jordan Justen <jordan.l.justen@intel.com>
Reviewed-by: Guo Dong <guo.dong@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@14531 6f19259b-4bc3-4df7-8a09-765794883524
Diffstat (limited to 'SecurityPkg/VariableAuthenticated')
| -rw-r--r-- | SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.c | 21 |
1 files changed, 18 insertions, 3 deletions
diff --git a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.c b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.c index e8beecbf5..659952a63 100644 --- a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.c +++ b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.c @@ -399,6 +399,7 @@ EnrollPlatformKey ( UINTN DataSize;
EFI_SIGNATURE_LIST *PkCert;
UINT16* FilePostFix;
+ UINTN NameLength;
if (Private->FileContext->FileName == NULL) {
return EFI_INVALID_PARAMETER;
@@ -414,7 +415,11 @@ EnrollPlatformKey ( //
// Parse the file's postfix. Only support DER encoded X.509 certificate files.
//
- FilePostFix = Private->FileContext->FileName + StrLen (Private->FileContext->FileName) - 4;
+ NameLength = StrLen (Private->FileContext->FileName);
+ if (NameLength <= 4) {
+ return EFI_INVALID_PARAMETER;
+ }
+ FilePostFix = Private->FileContext->FileName + NameLength - 4;
if (!IsDerEncodeCertificate(FilePostFix)) {
DEBUG ((EFI_D_ERROR, "Unsupported file type, only DER encoded certificate (%s) is supported.", mSupportX509Suffix));
return EFI_INVALID_PARAMETER;
@@ -803,6 +808,7 @@ EnrollKeyExchangeKey ( {
UINT16* FilePostFix;
EFI_STATUS Status;
+ UINTN NameLength;
if ((Private->FileContext->FileName == NULL) || (Private->SignatureGUID == NULL)) {
return EFI_INVALID_PARAMETER;
@@ -817,7 +823,11 @@ EnrollKeyExchangeKey ( // Parse the file's postfix. Supports DER-encoded X509 certificate,
// and .pbk as RSA public key file.
//
- FilePostFix = Private->FileContext->FileName + StrLen (Private->FileContext->FileName) - 4;
+ NameLength = StrLen (Private->FileContext->FileName);
+ if (NameLength <= 4) {
+ return EFI_INVALID_PARAMETER;
+ }
+ FilePostFix = Private->FileContext->FileName + NameLength - 4;
if (IsDerEncodeCertificate(FilePostFix)) {
return EnrollX509ToKek (Private);
} else if (CompareMem (FilePostFix, L".pbk",4) == 0) {
@@ -1551,6 +1561,7 @@ EnrollSignatureDatabase ( {
UINT16* FilePostFix;
EFI_STATUS Status;
+ UINTN NameLength;
if ((Private->FileContext->FileName == NULL) || (Private->FileContext->FHandle == NULL) || (Private->SignatureGUID == NULL)) {
return EFI_INVALID_PARAMETER;
@@ -1564,7 +1575,11 @@ EnrollSignatureDatabase ( //
// Parse the file's postfix.
//
- FilePostFix = Private->FileContext->FileName + StrLen (Private->FileContext->FileName) - 4;
+ NameLength = StrLen (Private->FileContext->FileName);
+ if (NameLength <= 4) {
+ return EFI_INVALID_PARAMETER;
+ }
+ FilePostFix = Private->FileContext->FileName + NameLength - 4;
if (IsDerEncodeCertificate(FilePostFix)) {
//
// Supports DER-encoded X509 certificate.
|