From 0a57b90d750628cb3d4e05fac3a7f64f39c0df84 Mon Sep 17 00:00:00 2001 From: Richard Hughes Date: Wed, 27 Mar 2019 14:40:51 +0000 Subject: [PATCH] uefi: More carefully check the output from tpm2_pcrlist Otherwise we can get a PCR0 of 'getcapability:getpcrallocationstatuserror'... --- plugins/uefi/fu-uefi-pcrs.c | 18 +++++++++++++++--- 1 file changed, 15 insertions(+), 3 deletions(-) diff --git a/plugins/uefi/fu-uefi-pcrs.c b/plugins/uefi/fu-uefi-pcrs.c index 2c1b2be74..5c7e5239a 100644 --- a/plugins/uefi/fu-uefi-pcrs.c +++ b/plugins/uefi/fu-uefi-pcrs.c @@ -21,6 +21,16 @@ struct _FuUefiPcrs { G_DEFINE_TYPE (FuUefiPcrs, fu_uefi_pcrs, G_TYPE_OBJECT) +static gboolean +_g_string_isxdigit (GString *str) +{ + for (gsize i = 0; i < str->len; i++) { + if (!g_ascii_isxdigit (str->str[i])) + return FALSE; + } + return TRUE; +} + static void fu_uefi_pcrs_parse_line (const gchar *line, gpointer user_data) { @@ -34,7 +44,7 @@ fu_uefi_pcrs_parse_line (const gchar *line, gpointer user_data) /* split into index:hash */ if (line == NULL || line[0] == '\0') return; - split = g_strsplit (line, ":", 2); + split = g_strsplit (line, ":", -1); if (g_strv_length (split) != 2) { g_debug ("unexpected format, skipping: %s", line); return; @@ -50,9 +60,11 @@ fu_uefi_pcrs_parse_line (const gchar *line, gpointer user_data) /* parse hash */ str = g_string_new (split[1]); - if (str->len < 16) - return; fu_common_string_replace (str, " ", ""); + if ((str->len != 40 && str->len != 64) || !_g_string_isxdigit (str)) { + g_debug ("not SHA-1 or SHA-256, skipping: %s", split[1]); + return; + } g_string_ascii_down (str); item = g_new0 (FuUefiPcrItem, 1); item->idx = idx;