SecurityPkg/DxeImageVerificationLib: assign WinCertificate after size check - edk2 - Cross-platform firmware development environment

diff options

author	Laszlo Ersek <lersek@redhat.com>	2020-09-01 11:12:20 +0200
committer	mergify[bot] <37929162+mergify[bot]@users.noreply.github.com>	2020-09-02 10:16:18 +0000
commit	a7632e913c1c106f436aefd5e76c394249c383a8 (patch)
tree	57ba757fdd984366452d2ba8306ea4c56a11a29a /BaseTools/Source/Python/AutoGen/PlatformAutoGen.py
parent	503248ccdf45c14d4040ce44163facdc212e4991 (diff)
download	edk2-a7632e913c1c106f436aefd5e76c394249c383a8.tar.gz edk2-a7632e913c1c106f436aefd5e76c394249c383a8.tar.bz2 edk2-a7632e913c1c106f436aefd5e76c394249c383a8.zip

SecurityPkg/DxeImageVerificationLib: assign WinCertificate after size check

Currently the (SecDataDirLeft <= sizeof (WIN_CERTIFICATE)) check only guards the de-referencing of the "WinCertificate" pointer. It does not guard the calculation of the pointer itself: WinCertificate = (WIN_CERTIFICATE *) (mImageBase + OffSet); This is wrong; if we don't know for sure that we have enough room for a WIN_CERTIFICATE, then even creating such a pointer, not just de-referencing it, may invoke undefined behavior. Move the pointer calculation after the size check. Cc: Jian J Wang <jian.j.wang@intel.com> Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Min Xu <min.m.xu@intel.com> Cc: Wenyi Xie <xiewenyi2@huawei.com> Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=2215 Signed-off-by: Laszlo Ersek <lersek@redhat.com> Message-Id: <20200901091221.20948-3-lersek@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Tested-by: Wenyi Xie <xiewenyi2@huawei.com> Reviewed-by: Min M Xu <min.m.xu@intel.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>

Diffstat (limited to 'BaseTools/Source/Python/AutoGen/PlatformAutoGen.py')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: