summaryrefslogtreecommitdiffstats
path: root/SecurityPkg/VariableAuthenticated
diff options
context:
space:
mode:
authorRoman Bacik <roman.bacik@broadcom.com>2018-07-10 15:51:05 -0700
committerLaszlo Ersek <lersek@redhat.com>2018-07-12 23:33:56 +0200
commit79b10d4ce4f08aab4b9548fabc4542ca78a96247 (patch)
treed2455a9deb257a1d9ee9bf3ef0d6aec78fb8dafa /SecurityPkg/VariableAuthenticated
parent0a563f3fecfd9baffe8dce51bb4411d6a748a936 (diff)
downloadedk2-79b10d4ce4f08aab4b9548fabc4542ca78a96247.tar.gz
edk2-79b10d4ce4f08aab4b9548fabc4542ca78a96247.tar.bz2
edk2-79b10d4ce4f08aab4b9548fabc4542ca78a96247.zip
SecurityPkg: Fix assert when setting key from eMMC/SD/USB
When secure boot is enabled, if one loads keys from a FAT formatted eMMC/SD/USB when trying to provision PK/KEK/DB keys via the menu, an assert in StrLen() occurs. This is because the filename starts on odd address, which is not a uint16 aligned boundary: https://bugzilla.tianocore.org/show_bug.cgi?id=1003 There are further known issues with the OpenFileByDevicePath() function; those are tracked by <https://bugzilla.tianocore.org/show_bug.cgi?id=1008>. Cc: Chao Zhang <chao.b.zhang@intel.com> Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Laszlo Ersek <lersek@redhat.com> Cc: Vladimir Olovyannikov <vladimir.olovyannikov@broadcom.com> Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Roman Bacik <roman.bacik@broadcom.com> Reviewed-by: "Yao, Jiewen" <jiewen.yao@intel.com> [lersek@redhat.com: whitespace fixes] [lersek@redhat.com: reference TianoCore BZ#1008] Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Diffstat (limited to 'SecurityPkg/VariableAuthenticated')
-rw-r--r--SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigFileExplorer.c13
1 files changed, 11 insertions, 2 deletions
diff --git a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigFileExplorer.c b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigFileExplorer.c
index 1b6f888042..2a26c20f39 100644
--- a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigFileExplorer.c
+++ b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigFileExplorer.c
@@ -123,6 +123,8 @@ OpenFileByDevicePath(
EFI_FILE_PROTOCOL *Handle1;
EFI_FILE_PROTOCOL *Handle2;
EFI_HANDLE DeviceHandle;
+ CHAR16 *PathName;
+ UINTN PathLength;
if ((FilePath == NULL || FileHandle == NULL)) {
return EFI_INVALID_PARAMETER;
@@ -173,6 +175,11 @@ OpenFileByDevicePath(
//
Handle2 = Handle1;
Handle1 = NULL;
+ PathLength = DevicePathNodeLength (*FilePath) - sizeof (EFI_DEVICE_PATH_PROTOCOL);
+ PathName = AllocateCopyPool (PathLength, ((FILEPATH_DEVICE_PATH*)*FilePath)->PathName);
+ if (PathName == NULL) {
+ return EFI_OUT_OF_RESOURCES;
+ }
//
// Try to test opening an existing file
@@ -180,7 +187,7 @@ OpenFileByDevicePath(
Status = Handle2->Open (
Handle2,
&Handle1,
- ((FILEPATH_DEVICE_PATH*)*FilePath)->PathName,
+ PathName,
OpenMode &~EFI_FILE_MODE_CREATE,
0
);
@@ -192,7 +199,7 @@ OpenFileByDevicePath(
Status = Handle2->Open (
Handle2,
&Handle1,
- ((FILEPATH_DEVICE_PATH*)*FilePath)->PathName,
+ PathName,
OpenMode,
Attributes
);
@@ -202,6 +209,8 @@ OpenFileByDevicePath(
//
Handle2->Close (Handle2);
+ FreePool (PathName);
+
if (EFI_ERROR(Status)) {
return (Status);
}