diff options
| author | Doug Cook (WINDOWS) <dcook@microsoft.com> | 2024-11-30 17:13:43 -0800 |
|---|---|---|
| committer | mergify[bot] <37929162+mergify[bot]@users.noreply.github.com> | 2024-12-06 15:55:55 +0000 |
| commit | fd9501f582c8ffa10e9ed70f4aca2f66fe0a3931 (patch) | |
| tree | d9af110722cbde7916251f79aef4138e542f7f65 /BaseTools/Source/Python | |
| parent | bbcdc0b7d9822c1014d563aaf12d8f43aea1a2e1 (diff) | |
| download | edk2-fd9501f582c8ffa10e9ed70f4aca2f66fe0a3931.zip edk2-fd9501f582c8ffa10e9ed70f4aca2f66fe0a3931.tar.gz edk2-fd9501f582c8ffa10e9ed70f4aca2f66fe0a3931.tar.bz2 | |
DxeRngLib: GetRandomNumber spurious success
The GetRandomNumber functions in DxeRngLib can return success without
actually generating a random number. This occurs because there are code
paths through `GenerateRandomNumberViaNist800Algorithm` that do not
initialize the `Status` variable.
- Assume mFirstAlgo == MAX_UINTN (no secure algorithms available)
- Assume none of the secure algorithms have `Available` set.
- Assume PcdEnforceSecureRngAlgorithms is TRUE.
In this condition, the `Status` variable is never initialized, `Buffer`
data is never touched. It is fairly likely that Status is 0, so we can
return EFI_SUCCESS without writing anything to Buffer.
Fix is to set `Status = error_code` in this code path.
`EFI_SECURITY_VIOLATION` seems appropriate.
Signed-off-by: Doug Cook <idigdoug@gmail.com>
Diffstat (limited to 'BaseTools/Source/Python')
0 files changed, 0 insertions, 0 deletions