verify_buffer: check that the value of cert->Hdr.dwLength is reasonable

Signed-off-by: Peter Jones <pjones@redhat.com>
Peter Jones 2016-09-06 15:20:18 -04:00
parent b8e27b3cfe
commit 2de084689f

10
shim.c

@ -915,6 +915,11 @@ static EFI_STATUS verify_buffer (char *data, int datasize,
unsigned int size = datasize;
if (context->SecDir->Size != 0) {
if (context->SecDir->Size >= size) {
perror(L"Certificate Database size is too large\n");
return EFI_INVALID_PARAMETER;
}
cert = ImageAddress (data, size,
context->SecDir->VirtualAddress);
@ -923,6 +928,11 @@ static EFI_STATUS verify_buffer (char *data, int datasize,
return EFI_INVALID_PARAMETER;
}
if (cert->Hdr.dwLength > context->SecDir->Size) {
perror(L"Certificate list size is inconsistent with PE headers");
return EFI_INVALID_PARAMETER;
}
if (cert->Hdr.wCertificateType !=
WIN_CERT_TYPE_PKCS_SIGNED_DATA) {
perror(L"Unsupported certificate type %x\n",
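Review bot: The new `cert->Hdr.dwLength > context->SecDir->Size` check bounds the length only against the directory size, and the added `context->SecDir->Size >= size` check bounds the directory size alone, so neither establishes that `VirtualAddress + dwLength` stays inside the `size`-byte buffer; `ImageAddress` is passed only the start address, not the extent. Since `Size < size` is already guaranteed at that point, a guard such as `if (context->SecDir->VirtualAddress > size - context->SecDir->Size) return EFI_INVALID_PARAMETER;` before the `ImageAddress` call would close that gap without risking wrap-around. The length also has no lower bound, so I would extend the test to `if (cert->Hdr.dwLength < sizeof(cert->Hdr) || cert->Hdr.dwLength > context->SecDir->Size)` in case later code subtracts the header size; the rest of verify_buffer is outside this view, so that part is a precaution rather than a confirmed defect. The new "inconsistent with PE headers" message also lacks the trailing `\n` that the neighbouring `perror` calls carry.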