From 058c0368adf2de0369be090a0996785e55ce1477 Mon Sep 17 00:00:00 2001
From: Matthew Garrett <mjg@redhat.com>
Date: Thu, 1 Nov 2012 10:31:14 -0400
Subject: [PATCH] Fix signature checking

We could potentially find a valid signature and then fail to validate it
due to not breaking out of the outer while loop.
---
 shim.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/shim.c b/shim.c
index 8c03915..816688e 100644
--- a/shim.c
+++ b/shim.c
@@ -237,6 +237,9 @@ static CHECK_STATUS check_db_cert_in_ram(EFI_SIGNATURE_LIST *CertList,
 			Cert = (EFI_SIGNATURE_DATA *) ((UINT8 *) Cert + CertList->SignatureSize);
 		}
 
+		if (IsFound)
+			break;
+
 		dbsize -= CertList->SignatureListSize;
 		CertList = (EFI_SIGNATURE_LIST *) ((UINT8 *) CertList + CertList->SignatureListSize);
 	}