summaryrefslogtreecommitdiffstats
path: root/SecurityPkg/Pkcs7Verify/Pkcs7VerifyDxe
diff options
context:
space:
mode:
authorQin Long <qin.long@intel.com>2015-08-26 00:59:17 +0000
committerqlong <qlong@Edk2>2015-08-26 00:59:17 +0000
commit173a1e688c258e2fbf4f9df19ce734a5def8f065 (patch)
tree3f7ff323f6792815b63271959cdd26a4921e4eea /SecurityPkg/Pkcs7Verify/Pkcs7VerifyDxe
parent86819ad00fcf8a40d0bf05f139048caf48883e1e (diff)
downloadedk2-173a1e688c258e2fbf4f9df19ce734a5def8f065.tar.gz
edk2-173a1e688c258e2fbf4f9df19ce734a5def8f065.tar.bz2
edk2-173a1e688c258e2fbf4f9df19ce734a5def8f065.zip
SecurityPkg: Fix one returned code issue in P7Verify Protocol
VerifyBuffer() in PKCS7 Verify Protocol should return EFI_UNSUPPORTED when the embedded content is found in SignedData but InData is not NULL. This patch is to comply with the spec definition. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Qin Long <qin.long@intel.com> Reviewed-by: Chao Zhang <chao.b.zhang@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18311 6f19259b-4bc3-4df7-8a09-765794883524
Diffstat (limited to 'SecurityPkg/Pkcs7Verify/Pkcs7VerifyDxe')
-rw-r--r--SecurityPkg/Pkcs7Verify/Pkcs7VerifyDxe/Pkcs7VerifyDxe.c7
1 files changed, 7 insertions, 0 deletions
diff --git a/SecurityPkg/Pkcs7Verify/Pkcs7VerifyDxe/Pkcs7VerifyDxe.c b/SecurityPkg/Pkcs7Verify/Pkcs7VerifyDxe/Pkcs7VerifyDxe.c
index 13c91382dc..07fdf552be 100644
--- a/SecurityPkg/Pkcs7Verify/Pkcs7VerifyDxe/Pkcs7VerifyDxe.c
+++ b/SecurityPkg/Pkcs7Verify/Pkcs7VerifyDxe/Pkcs7VerifyDxe.c
@@ -833,6 +833,13 @@ VerifyBuffer (
return EFI_UNSUPPORTED;
}
if (AttachedData != NULL) {
+ if (InData != NULL) {
+ //
+ // The embedded content is found in SignedData but InData is not NULL
+ //
+ Status = EFI_UNSUPPORTED;
+ goto _Exit;
+ }
//
// PKCS7-formatted signedData with attached content; Use the embedded
// content for verification