Djam/u-boot
1
0
Fork 0
mirror of https://github.com/u-boot/u-boot.git synced 2025-04-20 20:04:46 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

efi_loader: image_loader: retrieve authenticode only if it exists

Browse source 
Since the certificate table, which is indexed by
IMAGE_DIRECTORY_ENTRY_SECURITY and contains authenticode in PE image,
doesn't always exist, we should make sure that we will retrieve its pointer
only if it exists.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
This commit is contained in:
AKASHI Takahiro 2020-07-08 14:01:53 +09:00 committed by Heinrich Schuchardt
parent 1a44b7059c
commit eb537fd7eb
1 changed files with 21 additions and 8 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

23
lib/efi_loader/efi_image_loader.c
View file

@ -267,6 +267,8 @@ bool efi_image_parse(void *efi, size_t len, struct efi_image_regions **regp,
dos = (void *)efi; dos = (void *)efi;
nt = (void *)(efi + dos->e_lfanew); nt = (void *)(efi + dos->e_lfanew);
authoff = 0;
authsz = 0;
/* /*
* Count maximum number of regions to be digested. * Count maximum number of regions to be digested.
@ -305,25 +307,36 @@ bool efi_image_parse(void *efi, size_t len, struct efi_image_regions **regp,
efi_image_region_add(regs, efi_image_region_add(regs,
&opt->DataDirectory[ctidx] + 1, &opt->DataDirectory[ctidx] + 1,
efi + opt->SizeOfHeaders, 0); efi + opt->SizeOfHeaders, 0);
authoff = opt->DataDirectory[ctidx].VirtualAddress;
authsz = opt->DataDirectory[ctidx].Size;
} }
bytes_hashed = opt->SizeOfHeaders; bytes_hashed = opt->SizeOfHeaders;
align = opt->FileAlignment; align = opt->FileAlignment;
authoff = opt->DataDirectory[ctidx].VirtualAddress;
authsz = opt->DataDirectory[ctidx].Size;
} else if (nt->OptionalHeader.Magic == IMAGE_NT_OPTIONAL_HDR32_MAGIC) { } else if (nt->OptionalHeader.Magic == IMAGE_NT_OPTIONAL_HDR32_MAGIC) {
IMAGE_OPTIONAL_HEADER32 *opt = &nt->OptionalHeader; IMAGE_OPTIONAL_HEADER32 *opt = &nt->OptionalHeader;
/* Skip CheckSum */
efi_image_region_add(regs, efi, &opt->CheckSum, 0); efi_image_region_add(regs, efi, &opt->CheckSum, 0);
if (nt->OptionalHeader.NumberOfRvaAndSizes <= ctidx) {
efi_image_region_add(regs,
&opt->Subsystem,
efi + opt->SizeOfHeaders, 0);
} else {
/* Skip Certificates Table */
efi_image_region_add(regs, &opt->Subsystem, efi_image_region_add(regs, &opt->Subsystem,
&opt->DataDirectory[ctidx], 0); &opt->DataDirectory[ctidx], 0);
efi_image_region_add(regs, &opt->DataDirectory[ctidx] + 1, efi_image_region_add(regs,
&opt->DataDirectory[ctidx] + 1,
efi + opt->SizeOfHeaders, 0); efi + opt->SizeOfHeaders, 0);
authoff = opt->DataDirectory[ctidx].VirtualAddress;
authsz = opt->DataDirectory[ctidx].Size;
}
bytes_hashed = opt->SizeOfHeaders; bytes_hashed = opt->SizeOfHeaders;
align = opt->FileAlignment; align = opt->FileAlignment;
authoff = opt->DataDirectory[ctidx].VirtualAddress;
authsz = opt->DataDirectory[ctidx].Size;
} else { } else {
EFI_PRINT("%s: Invalid optional header magic %x\n", __func__, EFI_PRINT("%s: Invalid optional header magic %x\n", __func__,
nt->OptionalHeader.Magic); nt->OptionalHeader.Magic);