diff options
| author | Qin Long <qin.long@intel.com> | 2015-08-26 00:59:17 +0000 |
|---|---|---|
| committer | qlong <qlong@Edk2> | 2015-08-26 00:59:17 +0000 |
| commit | 173a1e688c258e2fbf4f9df19ce734a5def8f065 (patch) | |
| tree | 3f7ff323f6792815b63271959cdd26a4921e4eea | |
| parent | 86819ad00fcf8a40d0bf05f139048caf48883e1e (diff) | |
| download | edk2-173a1e688c258e2fbf4f9df19ce734a5def8f065.tar.gz edk2-173a1e688c258e2fbf4f9df19ce734a5def8f065.tar.bz2 edk2-173a1e688c258e2fbf4f9df19ce734a5def8f065.zip | |
SecurityPkg: Fix one returned code issue in P7Verify Protocol
VerifyBuffer() in PKCS7 Verify Protocol should return EFI_UNSUPPORTED
when the embedded content is found in SignedData but InData is not NULL.
This patch is to comply with the spec definition.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Qin Long <qin.long@intel.com>
Reviewed-by: Chao Zhang <chao.b.zhang@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18311 6f19259b-4bc3-4df7-8a09-765794883524
| -rw-r--r-- | SecurityPkg/Pkcs7Verify/Pkcs7VerifyDxe/Pkcs7VerifyDxe.c | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/SecurityPkg/Pkcs7Verify/Pkcs7VerifyDxe/Pkcs7VerifyDxe.c b/SecurityPkg/Pkcs7Verify/Pkcs7VerifyDxe/Pkcs7VerifyDxe.c index 13c91382dc..07fdf552be 100644 --- a/SecurityPkg/Pkcs7Verify/Pkcs7VerifyDxe/Pkcs7VerifyDxe.c +++ b/SecurityPkg/Pkcs7Verify/Pkcs7VerifyDxe/Pkcs7VerifyDxe.c @@ -833,6 +833,13 @@ VerifyBuffer ( return EFI_UNSUPPORTED;
}
if (AttachedData != NULL) {
+ if (InData != NULL) {
+ //
+ // The embedded content is found in SignedData but InData is not NULL
+ //
+ Status = EFI_UNSUPPORTED;
+ goto _Exit;
+ }
//
// PKCS7-formatted signedData with attached content; Use the embedded
// content for verification
|