From fd64f84f23cdaadf2456d75f5f7f8e24dd796bdc Mon Sep 17 00:00:00 2001 From: Gary Ching-Pang Lin Date: Thu, 8 Aug 2013 02:41:37 +0000 Subject: Checks the length of the file name to avoid illegal access. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Gary Ching-Pang Lin Reviewed-by: Jordan Justen Reviewed-by: Guo Dong git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@14531 6f19259b-4bc3-4df7-8a09-765794883524 --- .../SecureBootConfigDxe/SecureBootConfigImpl.c | 21 ++++++++++++++++++--- 1 file changed, 18 insertions(+), 3 deletions(-) (limited to 'SecurityPkg/VariableAuthenticated') diff --git a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.c b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.c index e8beecbf5..659952a63 100644 --- a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.c +++ b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.c @@ -399,6 +399,7 @@ EnrollPlatformKey ( UINTN DataSize; EFI_SIGNATURE_LIST *PkCert; UINT16* FilePostFix; + UINTN NameLength; if (Private->FileContext->FileName == NULL) { return EFI_INVALID_PARAMETER; @@ -414,7 +415,11 @@ EnrollPlatformKey ( // // Parse the file's postfix. Only support DER encoded X.509 certificate files. // - FilePostFix = Private->FileContext->FileName + StrLen (Private->FileContext->FileName) - 4; + NameLength = StrLen (Private->FileContext->FileName); + if (NameLength <= 4) { + return EFI_INVALID_PARAMETER; + } + FilePostFix = Private->FileContext->FileName + NameLength - 4; if (!IsDerEncodeCertificate(FilePostFix)) { DEBUG ((EFI_D_ERROR, "Unsupported file type, only DER encoded certificate (%s) is supported.", mSupportX509Suffix)); return EFI_INVALID_PARAMETER; @@ -803,6 +808,7 @@ EnrollKeyExchangeKey ( { UINT16* FilePostFix; EFI_STATUS Status; + UINTN NameLength; if ((Private->FileContext->FileName == NULL) || (Private->SignatureGUID == NULL)) { return EFI_INVALID_PARAMETER; @@ -817,7 +823,11 @@ EnrollKeyExchangeKey ( // Parse the file's postfix. Supports DER-encoded X509 certificate, // and .pbk as RSA public key file. // - FilePostFix = Private->FileContext->FileName + StrLen (Private->FileContext->FileName) - 4; + NameLength = StrLen (Private->FileContext->FileName); + if (NameLength <= 4) { + return EFI_INVALID_PARAMETER; + } + FilePostFix = Private->FileContext->FileName + NameLength - 4; if (IsDerEncodeCertificate(FilePostFix)) { return EnrollX509ToKek (Private); } else if (CompareMem (FilePostFix, L".pbk",4) == 0) { @@ -1551,6 +1561,7 @@ EnrollSignatureDatabase ( { UINT16* FilePostFix; EFI_STATUS Status; + UINTN NameLength; if ((Private->FileContext->FileName == NULL) || (Private->FileContext->FHandle == NULL) || (Private->SignatureGUID == NULL)) { return EFI_INVALID_PARAMETER; @@ -1564,7 +1575,11 @@ EnrollSignatureDatabase ( // // Parse the file's postfix. // - FilePostFix = Private->FileContext->FileName + StrLen (Private->FileContext->FileName) - 4; + NameLength = StrLen (Private->FileContext->FileName); + if (NameLength <= 4) { + return EFI_INVALID_PARAMETER; + } + FilePostFix = Private->FileContext->FileName + NameLength - 4; if (IsDerEncodeCertificate(FilePostFix)) { // // Supports DER-encoded X509 certificate. -- cgit v1.2.3