authorLaszlo Ersek <lersek@redhat.com>2018-08-17 15:12:38 +0200
committerLaszlo Ersek <lersek@redhat.com>2018-08-22 10:32:43 +0200
commit6896efdec2709e530b23c688cf0f31706709a0c5 (patch)
tree029601f34a39badc4cab73f74be74866a963b8c4 /NetworkPkg
parentd00759b212e7912113d9c3292c0174c6dbf74842 (diff)
NetworkPkg/TlsAuthConfigDxe: fix TlsCaCertificate attributes retrieval
Per spec, the GetVariable() runtime service is not required to populate (*Attributes) on output when it fails with EFI_BUFFER_TOO_SMALL. Therefore we have to fetch the full contents of the TlsCaCertificate variable temporarily, just so we can (a) get the current attributes, and (b) add EFI_VARIABLE_APPEND_WRITE to them for the subsequent SetVariable() call. Cc: Jiaxin Wu <jiaxin.wu@intel.com> Cc: Siyuan Fu <siyuan.fu@intel.com> Cc: Songpeng Li <songpeng.li@intel.com> Reported-by: Songpeng Li <songpeng.li@intel.com> Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=1090 Fixes: b90c335fbbb674470fbf09601cc522bf61564c30 Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Laszlo Ersek <lersek@redhat.com> Tested-by: Songpeng Li <songpeng.li@intel.com> Reviewed-by: Wu Jiaxin <jiaxin.wu@intel.com> Reviewed-by: Fu Siyuan <siyuan.fu@intel.com>
Diffstat (limited to 'NetworkPkg')
-rw-r--r--NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigImpl.c27
1 files changed, 26 insertions, 1 deletions
diff --git a/NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigImpl.c b/NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigImpl.c
index 7259c5e..0780b03 100644
--- a/NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigImpl.c
+++ b/NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigImpl.c
@@ -663,6 +663,7 @@ EnrollX509toVariable (
EFI_SIGNATURE_LIST *CACert;
EFI_SIGNATURE_DATA *CACertData;
VOID *Data;
+ VOID *CurrentData;
UINTN DataSize;
UINTN SigDataSize;
UINT32 Attr;
@@ -674,6 +675,7 @@ EnrollX509toVariable (
CACert = NULL;
CACertData = NULL;
Data = NULL;
+ CurrentData = NULL;
Attr = 0;
Status = ReadFileContent (
@@ -716,11 +718,30 @@ EnrollX509toVariable (
Status = gRT->GetVariable(
VariableName,
&gEfiTlsCaCertificateGuid,
- &Attr,
+ NULL,
&DataSize,
NULL
);
if (Status == EFI_BUFFER_TOO_SMALL) {
+ //
+ // Per spec, we have to fetch the variable's contents, even though we're
+ // only interested in the variable's attributes.
+ //
+ CurrentData = AllocatePool (DataSize);
+ if (CurrentData == NULL) {
+ Status = EFI_OUT_OF_RESOURCES;
+ goto ON_EXIT;
+ }
+ Status = gRT->GetVariable(
+ VariableName,
+ &gEfiTlsCaCertificateGuid,
+ &Attr,
+ &DataSize,
+ CurrentData
+ );
+ if (EFI_ERROR (Status)) {
+ goto ON_EXIT;
+ }
Attr |= EFI_VARIABLE_APPEND_WRITE;
} else if (Status == EFI_NOT_FOUND) {
Attr = TLS_AUTH_CONFIG_VAR_BASE_ATTR;
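Review bot: The attributes returned by the second `GetVariable()` call are passed on to the later `SetVariable()` with only `EFI_VARIABLE_APPEND_WRITE` OR-ed in, so whatever attribute set an existing TlsCaCertificate variable carries is accepted as-is. Because this variable holds the TLS trust anchors, consider checking the value before appending, for example `if (Attr != TLS_AUTH_CONFIG_VAR_BASE_ATTR) { Status = EFI_SECURITY_VIOLATION; goto ON_EXIT; }`, or at least logging the mismatch. Whether another component legitimately creates the variable with different attributes cannot be told from this hunk, so this is a question for the maintainers. Separately, `CurrentData` is only needed to satisfy the call and could be freed right after it rather than held until `ON_EXIT`. The body of `EnrollX509toVariable` starts and ends outside the hunk.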
@@ -751,6 +772,10 @@ ON_EXIT:
FreePool (Data);
}
+ if (CurrentData != NULL) {
+ FreePool (CurrentData);
+ }
+
if (X509Data != NULL) {
FreePool (X509Data);
}