Attachment 1425753 Details for Bug 1570980 – Patch fixing UEFI Signature List iteration

[patch] Patch fixing UEFI Signature List iteration

0003-Fix-UEFI-Signature-List-iteration.patch (text/plain), 3.13 KB, created by Michal Růžička on 2018-04-23 21:58:11 UTC

(hide)

Description:

Filename:

MIME Type:

Creator: Michal Růžička

Created: 2018-04-23 21:58:11 UTC

Size: 3.13 KB

patch

obsolete

>From 0d00d896008dc41eb00d9b0c13cfd56883421361 Mon Sep 17 00:00:00 2001
>From: =?UTF-8?q?Michal=20R=C5=AF=C5=BEi=C4=8Dka?= <michal.ruza@gmail.com>
>Date: Mon, 23 Apr 2018 01:18:50 +0200
>Subject: [PATCH] Fix UEFI Signature List iteration
>MIME-Version: 1.0
>Content-Type: text/plain; charset=UTF-8
>Content-Transfer-Encoding: 8bit
>
>Signed-off-by: Michal RÅ¯Å¾iÄka <michal.ruza@gmail.com>
>---
> src/iter.c | 49 +++++++++++++++++++++----------------------------
> 1 file changed, 21 insertions(+), 28 deletions(-)
>
>diff --git a/src/iter.c b/src/iter.c
>index 45ee059..f6b89ba 100644
>--- a/src/iter.c
>+++ b/src/iter.c
>@@ -220,38 +220,13 @@ esl_iter_next(esl_iter *iter, efi_guid_t *type,
> 		iter->esl = (EFI_SIGNATURE_LIST *)iter->buf;
> 	} else {
> 		vprintf("Getting next EFI_SIGNATURE_LIST\n");
>-		efi_guid_t type;
>-		esl_get_type(iter, &type);
>-		if (iter->len - iter->offset > iter->esl->SignatureListSize) {
>-			warnx("EFI Signature List is malformed");
>-			errx(1, "list has %zd bytes left, element is %"PRIu32" bytes",
>-			     iter->len - iter->offset,
>-			     iter->esl->SignatureListSize);
>-		}
>-		if (!efi_guid_cmp(&type, &efi_guid_x509_cert)) {
>-			int32_t asn1size;
>-
>-			asn1size = GetASN1SequenceSize(
>-				((uint8_t *)*data) + sizeof (efi_guid_t),
>-				*len - sizeof (efi_guid_t));
>-			if (asn1size < 0) {
>-				warnx("iterator data claims to be an X.509 "
>-				      "Cert but is not valid ASN.1 DER");
>-			} else if ((uint32_t)asn1size != iter->esl->SignatureSize
>-							 - sizeof (efi_guid_t)) {
>-				warnx("X.509 Cert ASN.1 size does not match "
>-				      "SignatureList Size (%d vs %ld)",
>-				      asn1size, iter->esl->SignatureSize -
>-						sizeof (efi_guid_t));
>-			}
>-
>-		}
>-
> 		iter->offset += iter->esl->SignatureListSize;
> 		if ((uint32_t)iter->offset >= iter->len)
> 			return 0;
> 		iter->esl = (EFI_SIGNATURE_LIST *)((intptr_t)iter->buf
> 						+ iter->offset);
>+		if ((uint32_t)(iter->offset + sizeof (iter->esl)) > iter->len)
>+			return -EINVAL;
> 	}
> 
> 	EFI_SIGNATURE_LIST esl;
>@@ -263,7 +238,7 @@ esl_iter_next(esl_iter *iter, efi_guid_t *type,
> 
> 	/* if this list size is too big for our data, then it's malformed
> 	 * data and we're done. */
>-	if (iter->esl->SignatureListSize > iter->len - iter->offset)
>+	if ((uint32_t)(iter->offset + iter->esl->SignatureListSize) > iter->len)
> 		return -EINVAL;
> 
> 	*type = iter->esl->SignatureType;
>@@ -272,6 +247,24 @@ esl_iter_next(esl_iter *iter, efi_guid_t *type,
> 			+ iter->esl->SignatureHeaderSize);
> 	*len = iter->esl->SignatureListSize - sizeof (EFI_SIGNATURE_LIST);
> 
>+	if (!efi_guid_cmp(type, &efi_guid_x509_cert)) {
>+		int32_t asn1size;
>+
>+		asn1size = GetASN1SequenceSize(
>+			((uint8_t *)*data) + sizeof (efi_guid_t),
>+			*len - sizeof (efi_guid_t));
>+		if (asn1size < 0) {
>+			warnx("iterator data claims to be an X.509 "
>+			      "Cert but is not valid ASN.1 DER");
>+		} else if ((uint32_t)asn1size != iter->esl->SignatureSize
>+		                                 - sizeof (efi_guid_t)) {
>+			warnx("X.509 Cert ASN.1 size does not match "
>+			      "SignatureList Size (%d vs %ld)",
>+		              asn1size, iter->esl->SignatureSize -
>+		                        sizeof (efi_guid_t));
>+		}
>+	}
>+
> 	return 1;
> }
> 
>-- 
>2.14.3
>

Actions: View | Diff

Attachments on bug 1570980: 1425753 | 1426574