From efa9c47690a45f74db8918c9838e0e6f07ba103f Mon Sep 17 00:00:00 2001
From: Gary Ching-Pang Lin <glin@suse.com>
Date: Thu, 10 Apr 2014 15:55:35 +0800
Subject: [PATCH] MokManager: Discard the list contains an invalid signature

Signed-off-by: Gary Ching-Pang Lin <glin@suse.com>
---
 MokManager.c | 15 +++++----------
 1 file changed, 5 insertions(+), 10 deletions(-)

diff --git a/MokManager.c b/MokManager.c
index ef0536c..b9475be 100644
--- a/MokManager.c
+++ b/MokManager.c
@@ -183,10 +183,8 @@ static UINT32 count_keys(void *Data, UINTN DataSize)
 		}
 
 		if (!is_valid_siglist(CertList->SignatureType, CertList->SignatureSize)) {
-			dbsize -= CertList->SignatureListSize;
-			CertList = (EFI_SIGNATURE_LIST *) ((UINT8 *) CertList +
-						  CertList->SignatureListSize);
-			continue;
+			console_errorbox(L"Invalid signature list found");
+			return 0;
 		}
 
 		MokNum++;
@@ -220,12 +218,9 @@ static MokListNode *build_mok_list(UINT32 num, void *Data, UINTN DataSize) {
 			FreePool(list);
 			return NULL;
 		}
-		if (!is_valid_siglist(CertList->SignatureType, CertList->SignatureSize)) {
-			dbsize -= CertList->SignatureListSize;
-			CertList = (EFI_SIGNATURE_LIST *)((UINT8 *) CertList +
-						  CertList->SignatureListSize);
-			continue;
-		}
+
+		/* Omit the signature check here since we already did it
+		   in count_keys() */
 
 		Cert = (EFI_SIGNATURE_DATA *) (((UINT8 *) CertList) +
 		  sizeof (EFI_SIGNATURE_LIST) + CertList->SignatureHeaderSize);