diff options
-rw-r--r-- | libstb/secvar/backend/edk2-compat-process.c | 5 | ||||
-rw-r--r-- | libstb/secvar/test/secvar-test-edk2-compat.c | 15 |
2 files changed, 19 insertions, 1 deletions
diff --git a/libstb/secvar/backend/edk2-compat-process.c b/libstb/secvar/backend/edk2-compat-process.c index 81ddb9a..ecba3c2 100644 --- a/libstb/secvar/backend/edk2-compat-process.c +++ b/libstb/secvar/backend/edk2-compat-process.c @@ -266,8 +266,11 @@ int validate_esl_list(const char *key, const char *esl, const size_t size) while (eslvarsize > 0) { prlog(PR_DEBUG, "esl var size is %d offset is %lu\n", eslvarsize, size - eslvarsize); - if (eslvarsize < sizeof(EFI_SIGNATURE_LIST)) + if (eslvarsize < sizeof(EFI_SIGNATURE_LIST)) { + prlog(PR_ERR, "ESL with size %d is too small\n", eslvarsize); + rc = OPAL_PARAMETER; break; + } /* Check Supported ESL Type */ list = get_esl_signature_list(esl, eslvarsize); diff --git a/libstb/secvar/test/secvar-test-edk2-compat.c b/libstb/secvar/test/secvar-test-edk2-compat.c index 3cdc6ef..1edce11 100644 --- a/libstb/secvar/test/secvar-test-edk2-compat.c +++ b/libstb/secvar/test/secvar-test-edk2-compat.c @@ -165,6 +165,21 @@ int run_test() ASSERT(5 == list_length(&variable_bank)); ASSERT(setup_mode); + /* Add PK with bad ESL. should fail since data is not big enough to be ESL*/ + printf("Add PK with invalid appended ESL"); + /* 1014 is length of appended ESL Header and its data */ + tmp = new_secvar("PK", 3, PK_auth, PK_auth_len - 1014 + sizeof(EFI_SIGNATURE_LIST) - 1, 0); + ASSERT(0 == edk2_compat_validate(tmp)); + list_add_tail(&update_bank, &tmp->link); + ASSERT(1 == list_length(&update_bank)); + rc = edk2_compat_process(&variable_bank, &update_bank); + ASSERT(5 == list_length(&variable_bank)); + ASSERT(0 == list_length(&update_bank)); + rc = edk2_compat_post_process(&variable_bank, &update_bank); + ASSERT(5 == list_length(&variable_bank)); + ASSERT(setup_mode); + + /* Add PK to update and .process(). */ printf("Add PK"); tmp = new_secvar("PK", 3, PK_auth, PK_auth_len, 0); |