Discussion:
[edk2] [PATCH] SecurityPkg: Fix DBX Variable Read Error in ImageVerificationLib
Zhang, Chao B
2015-07-15 00:42:49 UTC
ImageVerificationLib passes wrong data buffer size when reading DBX variable, causing heap crash.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Chao Zhang <***@intel.com>
---
SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c
index 3331b68..ca1bdc0 100644
--- a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c
+++ b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c
@@ -1448,7 +1448,7 @@ IsAllowedByDb (
if (Status == EFI_BUFFER_TOO_SMALL) {
goto Done;
}
- DbxData = (UINT8 *) AllocateZeroPool (DataSize);
+ DbxData = (UINT8 *) AllocateZeroPool (DbxDataSize);
if (DbxData == NULL) {
goto Done;
}
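Review bot: The context at the top of this hunk, `if (Status == EFI_BUFFER_TOO_SMALL) { goto Done; }`, exits on the one status a size query normally returns, so the corrected `AllocateZeroPool (DbxDataSize)` is only reached when the preceding call (not visible in these lines) did not report EFI_BUFFER_TOO_SMALL. If that call is the size probe for the DBX variable, DbxDataSize may not hold the required size when the allocation runs; please confirm whether the test should be `!=` and, if so, fix it in the same patch. The commit message would also be easier to audit if it named the two variables involved (DataSize passed where DbxDataSize was meant), so the cause of the heap crash is clear from the log alone.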
--
1.9.5.msysgit.1
Long, Qin
2015-07-15 02:05:11 UTC
The patch is good.

Reviewed-by: Qin Long <qin.long.intel.com>


Best Regards & Thanks,
LONG, Qin

-----Original Message-----
From: Zhang, Chao B
Sent: Wednesday, July 15, 2015 8:43 AM
To: edk2-***@lists.sourceforge.net
Cc: Long, Qin; Zhang, Chao B
Subject: [PATCH] SecurityPkg: Fix DBX Variable Read Error in ImageVerificationLib

ImageVerificationLib passes wrong data buffer size when reading DBX variable, causing heap crash.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Chao Zhang <***@intel.com>
---
SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c
index 3331b68..ca1bdc0 100644
--- a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c
+++ b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c
@@ -1448,7 +1448,7 @@ IsAllowedByDb (
if (Status == EFI_BUFFER_TOO_SMALL) {
goto Done;
}
- DbxData = (UINT8 *) AllocateZeroPool (DataSize);
+ DbxData = (UINT8 *) AllocateZeroPool (DbxDataSize);
if (DbxData == NULL) {
goto Done;
}
--
1.9.5.msysgit.1
Leif Lindholm
2015-07-15 14:34:59 UTC
Post by Zhang, Chao B
ImageVerificationLib passes wrong data buffer size when reading DBX variable, causing heap crash.
No objection to content of patch, but the above line is too long.
Can you break it up please?

Regards,

Leif
Post by Zhang, Chao B
Contributed-under: TianoCore Contribution Agreement 1.0
---
SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c
index 3331b68..ca1bdc0 100644
--- a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c
+++ b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c
@@ -1448,7 +1448,7 @@ IsAllowedByDb (
if (Status == EFI_BUFFER_TOO_SMALL) {
goto Done;
}
- DbxData = (UINT8 *) AllocateZeroPool (DataSize);
+ DbxData = (UINT8 *) AllocateZeroPool (DbxDataSize);
if (DbxData == NULL) {
goto Done;
}
--
1.9.5.msysgit.1
_______________________________________________
edk2-devel mailing list
https://lists.sourceforge.net/lists/listinfo/edk2-devel