render / rpms / edk2

Forked from rpms/edk2 3 months ago
Clone

Blame SOURCES/edk2-SecurityPkg-DxeImageVerificationHandler-narrow-down-.patch

63d87e
From 73de814a5f30c2c6d82736082c1114a028d12115 Mon Sep 17 00:00:00 2001
63d87e
From: Laszlo Ersek <lersek@redhat.com>
63d87e
Date: Fri, 31 Jan 2020 12:42:41 +0100
63d87e
Subject: [PATCH 05/12] SecurityPkg/DxeImageVerificationHandler: narrow down
63d87e
 PE/COFF hash status
63d87e
MIME-Version: 1.0
63d87e
Content-Type: text/plain; charset=UTF-8
63d87e
Content-Transfer-Encoding: 8bit
63d87e
63d87e
RH-Author: Laszlo Ersek <lersek@redhat.com>
63d87e
Message-id: <20200131124248.22369-6-lersek@redhat.com>
63d87e
Patchwork-id: 93615
63d87e
O-Subject: [RHEL-8.2.0 edk2 PATCH 05/12] SecurityPkg/DxeImageVerificationHandler: narrow down PE/COFF hash status
63d87e
Bugzilla: 1751993
63d87e
RH-Acked-by: Philippe Mathieu-Daudé <philmd@redhat.com>
63d87e
RH-Acked-by: Vitaly Kuznetsov <vkuznets@redhat.com>
63d87e
63d87e
Inside the "for" loop that scans the signatures of the image, we call
63d87e
HashPeImageByType(), and assign its return value to "Status".
63d87e
63d87e
Beyond the immediate retval check, this assignment is useless (never
63d87e
consumed). That's because a subsequent access to "Status" may only be one
63d87e
of the following:
63d87e
63d87e
- the "Status" assignment when we call HashPeImageByType() in the next
63d87e
  iteration of the loop,
63d87e
63d87e
- the "Status = EFI_ACCESS_DENIED" assignment right after the final
63d87e
  "IsVerified" check.
63d87e
63d87e
To make it clear that the assignment is only useful for the immediate
63d87e
HashPeImageByType() retval check, introduce a specific helper variable,
63d87e
called "HashStatus".
63d87e
63d87e
This patch is a no-op, functionally.
63d87e
63d87e
Cc: Chao Zhang <chao.b.zhang@intel.com>
63d87e
Cc: Jian J Wang <jian.j.wang@intel.com>
63d87e
Cc: Jiewen Yao <jiewen.yao@intel.com>
63d87e
Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=2129
63d87e
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
63d87e
Message-Id: <20200116190705.18816-5-lersek@redhat.com>
63d87e
Reviewed-by: Michael D Kinney <michael.d.kinney@intel.com>
63d87e
[lersek@redhat.com: push with Mike's R-b due to Chinese New Year
63d87e
 Holiday: <https://edk2.groups.io/g/devel/message/53429>; msgid
63d87e
 <d3fbb76dabed4e1987c512c328c82810@intel.com>]
63d87e
(cherry picked from commit 47650a5cab608e07c31d66bdb9b4cc6e58bdf22f)
63d87e
63d87e
Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
63d87e
---
63d87e
 .../Library/DxeImageVerificationLib/DxeImageVerificationLib.c        | 5 +++--
63d87e
 1 file changed, 3 insertions(+), 2 deletions(-)
63d87e
63d87e
diff --git a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c
63d87e
index e6c8a54..5cc82c1 100644
63d87e
--- a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c
63d87e
+++ b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c
63d87e
@@ -1581,6 +1581,7 @@ DxeImageVerificationHandler (
63d87e
   UINT32                               OffSet;
63d87e
   CHAR16                               *NameStr;
63d87e
   RETURN_STATUS                        PeCoffStatus;
63d87e
+  EFI_STATUS                           HashStatus;
63d87e
 
63d87e
   SignatureList     = NULL;
63d87e
   SignatureListSize = 0;
63d87e
@@ -1802,8 +1803,8 @@ DxeImageVerificationHandler (
63d87e
       continue;
63d87e
     }
63d87e
 
63d87e
-    Status = HashPeImageByType (AuthData, AuthDataSize);
63d87e
-    if (EFI_ERROR (Status)) {
63d87e
+    HashStatus = HashPeImageByType (AuthData, AuthDataSize);
63d87e
+    if (EFI_ERROR (HashStatus)) {
63d87e
       continue;
63d87e
     }
63d87e
 
63d87e
-- 
63d87e
1.8.3.1
63d87e