diff options
| author | Laszlo Ersek <lersek@redhat.com> | 2020-01-16 12:56:59 +0100 |
|---|---|---|
| committer | mergify[bot] <37929162+mergify[bot]@users.noreply.github.com> | 2020-01-31 09:35:31 +0000 |
| commit | 47650a5cab608e07c31d66bdb9b4cc6e58bdf22f (patch) | |
| tree | 1d9d0dd4668857d55a85a4f1b3533c97b87fafea /SecurityPkg/Library | |
| parent | 61a9fa589a15e9005bec293f9766c78b60fbc9fc (diff) | |
| download | edk2-47650a5cab608e07c31d66bdb9b4cc6e58bdf22f.tar.gz edk2-47650a5cab608e07c31d66bdb9b4cc6e58bdf22f.tar.bz2 edk2-47650a5cab608e07c31d66bdb9b4cc6e58bdf22f.zip | |
SecurityPkg/DxeImageVerificationHandler: narrow down PE/COFF hash status
Inside the "for" loop that scans the signatures of the image, we call
HashPeImageByType(), and assign its return value to "Status".
Beyond the immediate retval check, this assignment is useless (never
consumed). That's because a subsequent access to "Status" may only be one
of the following:
- the "Status" assignment when we call HashPeImageByType() in the next
iteration of the loop,
- the "Status = EFI_ACCESS_DENIED" assignment right after the final
"IsVerified" check.
To make it clear that the assignment is only useful for the immediate
HashPeImageByType() retval check, introduce a specific helper variable,
called "HashStatus".
This patch is a no-op, functionally.
Cc: Chao Zhang <chao.b.zhang@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=2129
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Message-Id: <20200116190705.18816-5-lersek@redhat.com>
Reviewed-by: Michael D Kinney <michael.d.kinney@intel.com>
[lersek@redhat.com: push with Mike's R-b due to Chinese New Year
Holiday: <https://edk2.groups.io/g/devel/message/53429>; msgid
<d3fbb76dabed4e1987c512c328c82810@intel.com>]
Diffstat (limited to 'SecurityPkg/Library')
| -rw-r--r-- | SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c index e6c8a54087..5cc82c1b3b 100644 --- a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c +++ b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c @@ -1581,6 +1581,7 @@ DxeImageVerificationHandler ( UINT32 OffSet;
CHAR16 *NameStr;
RETURN_STATUS PeCoffStatus;
+ EFI_STATUS HashStatus;
SignatureList = NULL;
SignatureListSize = 0;
@@ -1802,8 +1803,8 @@ DxeImageVerificationHandler ( continue;
}
- Status = HashPeImageByType (AuthData, AuthDataSize);
- if (EFI_ERROR (Status)) {
+ HashStatus = HashPeImageByType (AuthData, AuthDataSize);
+ if (EFI_ERROR (HashStatus)) {
continue;
}
|