From 8c83d0c0b9bd102cd905c83b2644a543e9711815 Mon Sep 17 00:00:00 2001 From: "Chao, Zhang" Date: Tue, 21 Oct 2014 00:35:49 +0000 Subject: =?UTF-8?q?Add=20PubKey=20index=20check=20before=20touching=20PubK?= =?UTF-8?q?ey=20cache.=20Internal=20PubKey=20Variable=20PubkeyIndex=20is?= =?UTF-8?q?=20always=200,=20causing=20Index=20=E2=80=93=201=20overflow.=20?= =?UTF-8?q?Update=20corresponding=20comments.?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Chao, Zhang Reviewed-by: Dong, Guo Reviewed-by: Fu, Siyuan git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16220 6f19259b-4bc3-4df7-8a09-765794883524 --- SecurityPkg/VariableAuthenticated/RuntimeDxe/AuthService.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) (limited to 'SecurityPkg/VariableAuthenticated') diff --git a/SecurityPkg/VariableAuthenticated/RuntimeDxe/AuthService.c b/SecurityPkg/VariableAuthenticated/RuntimeDxe/AuthService.c index 96b1f40..49d7648 100644 --- a/SecurityPkg/VariableAuthenticated/RuntimeDxe/AuthService.c +++ b/SecurityPkg/VariableAuthenticated/RuntimeDxe/AuthService.c @@ -1410,9 +1410,11 @@ ProcessVariable ( if (!IsFirstTime) { // - // Check input PubKey. + // 2 cases need to check here + // 1. Internal PubKey variable. PubKeyIndex is always 0 + // 2. Other counter-based AuthVariable. Check input PubKey. // - if (CompareMem (PubKey, mPubKeyStore + (KeyIndex - 1) * EFI_CERT_TYPE_RSA2048_SIZE, EFI_CERT_TYPE_RSA2048_SIZE) != 0) { + if (KeyIndex == 0 || CompareMem (PubKey, mPubKeyStore + (KeyIndex - 1) * EFI_CERT_TYPE_RSA2048_SIZE, EFI_CERT_TYPE_RSA2048_SIZE) != 0) { return EFI_SECURITY_VIOLATION; } // -- cgit v1.1