aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--libstb/secvar/backend/edk2-compat-process.c5
-rw-r--r--libstb/secvar/test/secvar-test-edk2-compat.c25
2 files changed, 29 insertions, 1 deletions
diff --git a/libstb/secvar/backend/edk2-compat-process.c b/libstb/secvar/backend/edk2-compat-process.c
index ecba3c2..c0006a5 100644
--- a/libstb/secvar/backend/edk2-compat-process.c
+++ b/libstb/secvar/backend/edk2-compat-process.c
@@ -491,8 +491,11 @@ static int verify_signature(const struct efi_variable_authentication_2 *auth,
/* Variable is not empty */
while (eslvarsize > 0) {
prlog(PR_DEBUG, "esl var size is %d offset is %d\n", eslvarsize, offset);
- if (eslvarsize < sizeof(EFI_SIGNATURE_LIST))
+ if (eslvarsize < sizeof(EFI_SIGNATURE_LIST)) {
+ rc = OPAL_INTERNAL_ERROR;
+ prlog(PR_ERR, "ESL data is corrupted\n");
break;
+ }
/* Calculate the size of the ESL */
eslsize = get_esl_signature_list_size(avar->data + offset,
diff --git a/libstb/secvar/test/secvar-test-edk2-compat.c b/libstb/secvar/test/secvar-test-edk2-compat.c
index 1edce11..100fda7 100644
--- a/libstb/secvar/test/secvar-test-edk2-compat.c
+++ b/libstb/secvar/test/secvar-test-edk2-compat.c
@@ -89,6 +89,7 @@ int run_test()
{
int rc = -1;
struct secvar *tmp;
+ size_t tmp_size;
char empty[64] = {0};
/* The sequence of test cases here is important to ensure that
@@ -213,6 +214,30 @@ int run_test()
tmp = find_secvar("db", 3, &variable_bank);
ASSERT(NULL != tmp);
+ /* Add db, should fail with no KEK and invalid PK size */
+ printf("Add db, corrupt PK");
+ /* Somehow PK gets assigned wrong size */
+ tmp = find_secvar("PK", 3, &variable_bank);
+ ASSERT(NULL != tmp);
+ tmp_size = tmp->data_size;
+ tmp->data_size = sizeof(EFI_SIGNATURE_LIST) - 1;
+ tmp = new_secvar("db", 3, DB_auth, DB_auth_len, 0);
+ ASSERT(0 == edk2_compat_validate(tmp));
+ list_add_tail(&update_bank, &tmp->link);
+ ASSERT(1 == list_length(&update_bank));
+
+ rc = edk2_compat_process(&variable_bank, &update_bank);
+ ASSERT(OPAL_INTERNAL_ERROR == rc);
+ ASSERT(5 == list_length(&variable_bank));
+ ASSERT(0 == list_length(&update_bank));
+ tmp = find_secvar("db", 3, &variable_bank);
+ ASSERT(NULL != tmp);
+ ASSERT(0 == tmp->data_size);
+ /* Restore PK data size */
+ tmp = find_secvar("PK", 3, &variable_bank);
+ ASSERT(NULL != tmp);
+ tmp->data_size = tmp_size;
+
/* Add trimmed KEK, .process(), should fail. */
printf("Add trimmed KEK\n");
tmp = new_secvar("KEK", 4, trimmedKEK_auth, trimmedKEK_auth_len, 0);
generated by cgit v1.1 at 2024-07-16 22:02:05 +0000