diff options
| author | Laszlo Ersek <lersek@redhat.com> | 2020-01-16 13:07:46 +0100 |
|---|---|---|
| committer | mergify[bot] <37929162+mergify[bot]@users.noreply.github.com> | 2020-01-31 09:35:31 +0000 |
| commit | f891b052c5ec13c1032fb9d340d5262ac1a7e7e1 (patch) | |
| tree | 0e75a78c098b39a6728bcdc21c24236610ddafbe /BaseTools/Source/Python/Workspace/BuildClassObject.py | |
| parent | 47650a5cab608e07c31d66bdb9b4cc6e58bdf22f (diff) | |
| download | edk2-f891b052c5ec13c1032fb9d340d5262ac1a7e7e1.tar.gz edk2-f891b052c5ec13c1032fb9d340d5262ac1a7e7e1.tar.bz2 edk2-f891b052c5ec13c1032fb9d340d5262ac1a7e7e1.zip | |
SecurityPkg/DxeImageVerificationHandler: fix retval on memalloc failure
A SECURITY2_FILE_AUTHENTICATION_HANDLER function is not expected to return
EFI_OUT_OF_RESOURCES. We should only return EFI_SUCCESS,
EFI_SECURITY_VIOLATION, or EFI_ACCESS_DENIED.
In case we run out of memory while preparing "SignatureList" for
AddImageExeInfo(), we should simply stick with the EFI_ACCESS_DENIED value
that is already in "Status" -- from just before the "Action" condition --,
and not suppress it with EFI_OUT_OF_RESOURCES.
This patch does not change the control flow in the function, it only
changes the "Status" outcome from API-incompatible error codes to
EFI_ACCESS_DENIED, under some circumstances.
Cc: Chao Zhang <chao.b.zhang@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=2129
Fixes: 570b3d1a7278df29878da87990e8366bd42d0ec5
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Message-Id: <20200116190705.18816-6-lersek@redhat.com>
Reviewed-by: Michael D Kinney <michael.d.kinney@intel.com>
[lersek@redhat.com: push with Mike's R-b due to Chinese New Year
Holiday: <https://edk2.groups.io/g/devel/message/53429>; msgid
<d3fbb76dabed4e1987c512c328c82810@intel.com>]
Diffstat (limited to 'BaseTools/Source/Python/Workspace/BuildClassObject.py')
0 files changed, 0 insertions, 0 deletions