|
|
6abd8c8 |
From 75593536b4cf1ab5803a45240a90168bc4698573 Mon Sep 17 00:00:00 2001
|
|
|
6abd8c8 |
From: Peter Jones <pjones@redhat.com>
|
|
|
6abd8c8 |
Date: Tue, 11 Jun 2013 14:58:25 -0400
|
|
|
6abd8c8 |
Subject: [PATCH] Fix some pointer casting issues.
|
|
|
6abd8c8 |
|
|
|
6abd8c8 |
This also fixes the size of an empty vendor_cert or dbx_cert.
|
|
|
6abd8c8 |
|
|
|
6abd8c8 |
Signed-off-by: Peter Jones <shim-owner@fedoraproject.org>
|
|
|
6abd8c8 |
---
|
|
|
6abd8c8 |
cert.S | 2 +-
|
|
|
6abd8c8 |
shim.c | 9 +++++----
|
|
|
6abd8c8 |
2 files changed, 6 insertions(+), 5 deletions(-)
|
|
|
6abd8c8 |
|
|
|
6abd8c8 |
diff --git a/cert.S b/cert.S
|
|
|
6abd8c8 |
index 2ed9b6d..66a05b8 100644
|
|
|
6abd8c8 |
--- a/cert.S
|
|
|
6abd8c8 |
+++ b/cert.S
|
|
|
6abd8c8 |
@@ -32,5 +32,5 @@ vendor_cert:
|
|
|
6abd8c8 |
.size vendor_cert_size, 4
|
|
|
6abd8c8 |
.section .vendor_cert, "a", @progbits
|
|
|
6abd8c8 |
vendor_cert_size:
|
|
|
6abd8c8 |
- .long 1
|
|
|
6abd8c8 |
+ .long 0
|
|
|
6abd8c8 |
#endif
|
|
|
6abd8c8 |
diff --git a/shim.c b/shim.c
|
|
|
6abd8c8 |
index 8ffcad6..a573037 100644
|
|
|
6abd8c8 |
--- a/shim.c
|
|
|
6abd8c8 |
+++ b/shim.c
|
|
|
6abd8c8 |
@@ -59,7 +59,7 @@ static UINT32 load_options_size;
|
|
|
6abd8c8 |
*/
|
|
|
6abd8c8 |
extern UINT8 vendor_cert[];
|
|
|
6abd8c8 |
extern UINT32 vendor_cert_size;
|
|
|
6abd8c8 |
-extern EFI_SIGNATURE_LIST *vendor_dbx;
|
|
|
6abd8c8 |
+extern UINT8 vendor_dbx[];
|
|
|
6abd8c8 |
extern UINT32 vendor_dbx_size;
|
|
|
6abd8c8 |
|
|
|
6abd8c8 |
#define EFI_IMAGE_SECURITY_DATABASE_GUID { 0xd719b2cb, 0x3d3a, 0x4596, { 0xa3, 0xbc, 0xda, 0xd0, 0x0e, 0x67, 0x65, 0x6f }}
|
|
|
6abd8c8 |
@@ -359,16 +359,17 @@ static EFI_STATUS check_blacklist (WIN_CERTIFICATE_EFI_PKCS *cert,
|
|
|
6abd8c8 |
UINT8 *sha256hash, UINT8 *sha1hash)
|
|
|
6abd8c8 |
{
|
|
|
6abd8c8 |
EFI_GUID secure_var = EFI_IMAGE_SECURITY_DATABASE_GUID;
|
|
|
6abd8c8 |
+ EFI_SIGNATURE_LIST *dbx = (EFI_SIGNATURE_LIST *)vendor_dbx;
|
|
|
6abd8c8 |
|
|
|
6abd8c8 |
- if (check_db_hash_in_ram(vendor_dbx, vendor_dbx_size, sha256hash,
|
|
|
6abd8c8 |
+ if (check_db_hash_in_ram(dbx, vendor_dbx_size, sha256hash,
|
|
|
6abd8c8 |
SHA256_DIGEST_SIZE, EfiHashSha256Guid) ==
|
|
|
6abd8c8 |
DATA_FOUND)
|
|
|
6abd8c8 |
return EFI_ACCESS_DENIED;
|
|
|
6abd8c8 |
- if (check_db_hash_in_ram(vendor_dbx, vendor_dbx_size, sha1hash,
|
|
|
6abd8c8 |
+ if (check_db_hash_in_ram(dbx, vendor_dbx_size, sha1hash,
|
|
|
6abd8c8 |
SHA1_DIGEST_SIZE, EfiHashSha1Guid) ==
|
|
|
6abd8c8 |
DATA_FOUND)
|
|
|
6abd8c8 |
return EFI_ACCESS_DENIED;
|
|
|
6abd8c8 |
- if (check_db_cert_in_ram(vendor_dbx, vendor_dbx_size, cert,
|
|
|
6abd8c8 |
+ if (check_db_cert_in_ram(dbx, vendor_dbx_size, cert,
|
|
|
6abd8c8 |
sha256hash) == DATA_FOUND)
|
|
|
6abd8c8 |
return EFI_ACCESS_DENIED;
|
|
|
6abd8c8 |
|
|
|
6abd8c8 |
--
|
|
|
6abd8c8 |
1.8.2.1
|
|
|
6abd8c8 |
|