Fix some pointer casting issues.

This also fixes the size of an empty vendor_cert or dbx_cert.

Signed-off-by: Peter Jones <shim-owner@fedoraproject.org>
Peter Jones 2013-06-11 14:58:25 -04:00
parent 967152aa9c
commit 23002e8e5c
2 changed files with 6 additions and 5 deletions

2
cert.S

@ -32,5 +32,5 @@ vendor_cert:
.size vendor_cert_size, 4 .size vendor_cert_size, 4
.section .vendor_cert, "a", @progbits .section .vendor_cert, "a", @progbits
vendor_cert_size: vendor_cert_size:
.long 1 .long 0
#endif #endif
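Review bot: The `.long 0` under `vendor_cert_size:` has no comment saying that zero marks "no vendor certificate built in", which is presumably the value the verification code in shim.c tests before it uses the `vendor_cert` buffer. I would add `/* no built-in vendor cert: size 0 so callers skip it */` above that line, so that a later edit does not reintroduce a nonzero size for an absent certificate. The commit message also mentions an empty dbx, but this section changes only `vendor_cert_size`. If `vendor_dbx_size` has a similar fallback elsewhere in cert.S, it is not visible here and should be checked for the same nonzero default.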

9
shim.c

@ -59,7 +59,7 @@ static UINT32 load_options_size;
*/ */
extern UINT8 vendor_cert[]; extern UINT8 vendor_cert[];
extern UINT32 vendor_cert_size; extern UINT32 vendor_cert_size;
extern EFI_SIGNATURE_LIST *vendor_dbx; extern UINT8 vendor_dbx[];
extern UINT32 vendor_dbx_size; extern UINT32 vendor_dbx_size;
#define EFI_IMAGE_SECURITY_DATABASE_GUID { 0xd719b2cb, 0x3d3a, 0x4596, { 0xa3, 0xbc, 0xda, 0xd0, 0x0e, 0x67, 0x65, 0x6f }} #define EFI_IMAGE_SECURITY_DATABASE_GUID { 0xd719b2cb, 0x3d3a, 0x4596, { 0xa3, 0xbc, 0xda, 0xd0, 0x0e, 0x67, 0x65, 0x6f }}
@ -359,16 +359,17 @@ static EFI_STATUS check_blacklist (WIN_CERTIFICATE_EFI_PKCS *cert,
UINT8 *sha256hash, UINT8 *sha1hash) UINT8 *sha256hash, UINT8 *sha1hash)
{ {
EFI_GUID secure_var = EFI_IMAGE_SECURITY_DATABASE_GUID; EFI_GUID secure_var = EFI_IMAGE_SECURITY_DATABASE_GUID;
EFI_SIGNATURE_LIST *dbx = (EFI_SIGNATURE_LIST *)vendor_dbx;
if (check_db_hash_in_ram(vendor_dbx, vendor_dbx_size, sha256hash, if (check_db_hash_in_ram(dbx, vendor_dbx_size, sha256hash,
SHA256_DIGEST_SIZE, EfiHashSha256Guid) == SHA256_DIGEST_SIZE, EfiHashSha256Guid) ==
DATA_FOUND) DATA_FOUND)
return EFI_ACCESS_DENIED; return EFI_ACCESS_DENIED;
if (check_db_hash_in_ram(vendor_dbx, vendor_dbx_size, sha1hash, if (check_db_hash_in_ram(dbx, vendor_dbx_size, sha1hash,
SHA1_DIGEST_SIZE, EfiHashSha1Guid) == SHA1_DIGEST_SIZE, EfiHashSha1Guid) ==
DATA_FOUND) DATA_FOUND)
return EFI_ACCESS_DENIED; return EFI_ACCESS_DENIED;
if (check_db_cert_in_ram(vendor_dbx, vendor_dbx_size, cert, if (check_db_cert_in_ram(dbx, vendor_dbx_size, cert,
sha256hash) == DATA_FOUND) sha256hash) == DATA_FOUND)
return EFI_ACCESS_DENIED; return EFI_ACCESS_DENIED;