From cb385f19370e919921c7e1c2c54c0a2d87a20888 Mon Sep 17 00:00:00 2001
From: Matthew Garrett <mjg@redhat.com>
Date: Thu, 1 Nov 2012 10:39:31 -0400
Subject: [PATCH] Fix AuthenticodeVerify loop

Cert needs to be modified inside the Index loop, not outside it. This is unlikely to
ever trigger since there will typically only be one X509 certificate per
EFI_SIGNATURE_LIST, but fix it anyway.
---
 shim.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/shim.c b/shim.c
index 816688e..c038d8e 100644
--- a/shim.c
+++ b/shim.c
@@ -232,9 +232,10 @@ static CHECK_STATUS check_db_cert_in_ram(EFI_SIGNATURE_LIST *CertList,
 							      hash, SHA256_DIGEST_SIZE);
 				if (IsFound)
 					break;
+
+				Cert = (EFI_SIGNATURE_DATA *) ((UINT8 *) Cert + CertList->SignatureSize);
 			}
 
-			Cert = (EFI_SIGNATURE_DATA *) ((UINT8 *) Cert + CertList->SignatureSize);
 		}
 
 		if (IsFound)