diff options
author | Roman Bacik <roman.bacik@broadcom.com> | 2018-07-10 15:51:05 -0700 |
---|---|---|
committer | Laszlo Ersek <lersek@redhat.com> | 2018-07-12 23:33:56 +0200 |
commit | 79b10d4ce4f08aab4b9548fabc4542ca78a96247 (patch) | |
tree | d2455a9deb257a1d9ee9bf3ef0d6aec78fb8dafa /SecurityPkg | |
parent | 0a563f3fecfd9baffe8dce51bb4411d6a748a936 (diff) | |
download | edk2-79b10d4ce4f08aab4b9548fabc4542ca78a96247.tar.gz edk2-79b10d4ce4f08aab4b9548fabc4542ca78a96247.tar.bz2 edk2-79b10d4ce4f08aab4b9548fabc4542ca78a96247.zip |
SecurityPkg: Fix assert when setting key from eMMC/SD/USB
When secure boot is enabled, if one loads keys from a FAT formatted
eMMC/SD/USB when trying to provision PK/KEK/DB keys via the menu,
an assert in StrLen() occurs.
This is because the filename starts on odd address, which is not a uint16
aligned boundary: https://bugzilla.tianocore.org/show_bug.cgi?id=1003
There are further known issues with the OpenFileByDevicePath() function;
those are tracked by
<https://bugzilla.tianocore.org/show_bug.cgi?id=1008>.
Cc: Chao Zhang <chao.b.zhang@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Cc: Vladimir Olovyannikov <vladimir.olovyannikov@broadcom.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Roman Bacik <roman.bacik@broadcom.com>
Reviewed-by: "Yao, Jiewen" <jiewen.yao@intel.com>
[lersek@redhat.com: whitespace fixes]
[lersek@redhat.com: reference TianoCore BZ#1008]
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Diffstat (limited to 'SecurityPkg')
-rw-r--r-- | SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigFileExplorer.c | 13 |
1 files changed, 11 insertions, 2 deletions
diff --git a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigFileExplorer.c b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigFileExplorer.c index 1b6f888042..2a26c20f39 100644 --- a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigFileExplorer.c +++ b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigFileExplorer.c @@ -123,6 +123,8 @@ OpenFileByDevicePath( EFI_FILE_PROTOCOL *Handle1;
EFI_FILE_PROTOCOL *Handle2;
EFI_HANDLE DeviceHandle;
+ CHAR16 *PathName;
+ UINTN PathLength;
if ((FilePath == NULL || FileHandle == NULL)) {
return EFI_INVALID_PARAMETER;
@@ -173,6 +175,11 @@ OpenFileByDevicePath( //
Handle2 = Handle1;
Handle1 = NULL;
+ PathLength = DevicePathNodeLength (*FilePath) - sizeof (EFI_DEVICE_PATH_PROTOCOL);
+ PathName = AllocateCopyPool (PathLength, ((FILEPATH_DEVICE_PATH*)*FilePath)->PathName);
+ if (PathName == NULL) {
+ return EFI_OUT_OF_RESOURCES;
+ }
//
// Try to test opening an existing file
@@ -180,7 +187,7 @@ OpenFileByDevicePath( Status = Handle2->Open (
Handle2,
&Handle1,
- ((FILEPATH_DEVICE_PATH*)*FilePath)->PathName,
+ PathName,
OpenMode &~EFI_FILE_MODE_CREATE,
0
);
@@ -192,7 +199,7 @@ OpenFileByDevicePath( Status = Handle2->Open (
Handle2,
&Handle1,
- ((FILEPATH_DEVICE_PATH*)*FilePath)->PathName,
+ PathName,
OpenMode,
Attributes
);
@@ -202,6 +209,8 @@ OpenFileByDevicePath( //
Handle2->Close (Handle2);
+ FreePool (PathName);
+
if (EFI_ERROR(Status)) {
return (Status);
}
|