diff options
author | Qin Long <qin.long@intel.com> | 2015-08-26 00:59:17 +0000 |
---|---|---|
committer | qlong <qlong@Edk2> | 2015-08-26 00:59:17 +0000 |
commit | 173a1e688c258e2fbf4f9df19ce734a5def8f065 (patch) | |
tree | 3f7ff323f6792815b63271959cdd26a4921e4eea /SecurityPkg/Pkcs7Verify/Pkcs7VerifyDxe | |
parent | 86819ad00fcf8a40d0bf05f139048caf48883e1e (diff) | |
download | edk2-173a1e688c258e2fbf4f9df19ce734a5def8f065.tar.gz edk2-173a1e688c258e2fbf4f9df19ce734a5def8f065.tar.bz2 edk2-173a1e688c258e2fbf4f9df19ce734a5def8f065.zip |
SecurityPkg: Fix one returned code issue in P7Verify Protocol
VerifyBuffer() in PKCS7 Verify Protocol should return EFI_UNSUPPORTED
when the embedded content is found in SignedData but InData is not NULL.
This patch is to comply with the spec definition.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Qin Long <qin.long@intel.com>
Reviewed-by: Chao Zhang <chao.b.zhang@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18311 6f19259b-4bc3-4df7-8a09-765794883524
Diffstat (limited to 'SecurityPkg/Pkcs7Verify/Pkcs7VerifyDxe')
-rw-r--r-- | SecurityPkg/Pkcs7Verify/Pkcs7VerifyDxe/Pkcs7VerifyDxe.c | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/SecurityPkg/Pkcs7Verify/Pkcs7VerifyDxe/Pkcs7VerifyDxe.c b/SecurityPkg/Pkcs7Verify/Pkcs7VerifyDxe/Pkcs7VerifyDxe.c index 13c91382dc..07fdf552be 100644 --- a/SecurityPkg/Pkcs7Verify/Pkcs7VerifyDxe/Pkcs7VerifyDxe.c +++ b/SecurityPkg/Pkcs7Verify/Pkcs7VerifyDxe/Pkcs7VerifyDxe.c @@ -833,6 +833,13 @@ VerifyBuffer ( return EFI_UNSUPPORTED;
}
if (AttachedData != NULL) {
+ if (InData != NULL) {
+ //
+ // The embedded content is found in SignedData but InData is not NULL
+ //
+ Status = EFI_UNSUPPORTED;
+ goto _Exit;
+ }
//
// PKCS7-formatted signedData with attached content; Use the embedded
// content for verification
|