From 03953e08bcc28147ae1119f1843800953b01957d Mon Sep 17 00:00:00 2001
From: Gary Ching-Pang Lin <glin@suse.com>
Date: Fri, 21 Sep 2012 15:10:31 +0800
Subject: [PATCH] Reject the binary when there is no key in MokList

---
 shim.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/shim.c b/shim.c
index 4329729..73b2feb 100644
--- a/shim.c
+++ b/shim.c
@@ -617,8 +617,10 @@ static EFI_STATUS verify_buffer (char *data, int datasize,
 	}
 
 	CopyMem(&MokNum, MokListData, sizeof(UINT32));
-	if (MokNum == 0)
+	if (MokNum == 0) {
+		status = EFI_ACCESS_DENIED;
 		goto done;
+	}
 
 	list = build_mok_list(MokNum,
 			      (void *)MokListData + sizeof(UINT32),