[Patch] SecurityPkg/Pkcs7VerifyDxe: Add format check in DB list contents

public inbox for devel@edk2.groups.io
 help / color / mirror / Atom feed

From: Qin Long <qin.long@intel.com>
To: chao.b.zhang@intel.com
Cc: edk2-devel@lists.01.org
Subject: [Patch] SecurityPkg/Pkcs7VerifyDxe: Add format check in DB list contents
Date: Wed,  3 May 2017 17:28:50 +0800	[thread overview]
Message-ID: <20170503092850.8460-1-qin.long@intel.com> (raw)

Add the size check for invalid format detection in AllowedDb,
RevokedDb and TimeStampDb list contents.

Cc: Chao Zhang <chao.b.zhang@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Qin Long <qin.long@intel.com>
---
 .../Pkcs7Verify/Pkcs7VerifyDxe/Pkcs7VerifyDxe.c    | 66 ++++++++++++++++++++--
 1 file changed, 60 insertions(+), 6 deletions(-)

diff --git a/SecurityPkg/Pkcs7Verify/Pkcs7VerifyDxe/Pkcs7VerifyDxe.c b/SecurityPkg/Pkcs7Verify/Pkcs7VerifyDxe/Pkcs7VerifyDxe.c
index 07fdf552be..3776f903d4 100644
--- a/SecurityPkg/Pkcs7Verify/Pkcs7VerifyDxe/Pkcs7VerifyDxe.c
+++ b/SecurityPkg/Pkcs7Verify/Pkcs7VerifyDxe/Pkcs7VerifyDxe.c
@@ -5,7 +5,7 @@
   verify data signed using PKCS7 structure. The PKCS7 data to be verified must
   be ASN.1 (DER) encoded.
 
-Copyright (c) 2015, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2015 - 2017, Intel Corporation. All rights reserved.<BR>
 This program and the accompanying materials
 are licensed and made available under the terms and conditions of the BSD License
 which accompanies this distribution.  The full text of the license may be found at
@@ -801,11 +801,13 @@ VerifyBuffer (
   IN OUT UINTN                    *ContentSize
   )
 {
-  EFI_STATUS  Status;
-  UINT8       *AttachedData;
-  UINTN       AttachedDataSize;
-  UINT8       *DataPtr;
-  UINTN       DataSize;
+  EFI_STATUS          Status;
+  EFI_SIGNATURE_LIST  *SigList;
+  UINTN               Index;
+  UINT8               *AttachedData;
+  UINTN               AttachedDataSize;
+  UINT8               *DataPtr;
+  UINTN               DataSize;
 
   //
   // Parameters Checking
@@ -818,6 +820,58 @@ VerifyBuffer (
   }
 
   //
+  // Check if any invalid entry format in AllowedDb list contents
+  //
+  for (Index = 0; ; Index++) {
+    SigList = (EFI_SIGNATURE_LIST *)(AllowedDb[Index]);
+
+    if (SigList == NULL) {
+      break;
+    }
+    if (SigList->SignatureListSize < sizeof (EFI_SIGNATURE_LIST) +
+                                     SigList->SignatureHeaderSize +
+                                     SigList->SignatureSize) {
+      return EFI_ABORTED;
+    }
+  }
+
+  //
+  // Check if any invalid entry format in RevokedDb list contents
+  //
+  if (RevokedDb != NULL) {
+    for (Index = 0; ; Index++) {
+      SigList = (EFI_SIGNATURE_LIST *)(RevokedDb[Index]);
+
+      if (SigList == NULL) {
+        break;
+      }
+      if (SigList->SignatureListSize < sizeof (EFI_SIGNATURE_LIST) +
+                                       SigList->SignatureHeaderSize +
+                                       SigList->SignatureSize) {
+        return EFI_ABORTED;
+      }
+    }
+  }
+
+  //
+  // Check if any invalid entry format in TimeStampDb list contents
+  //
+  if (TimeStampDb != NULL) {
+    for (Index = 0; ; Index++) {
+      SigList = (EFI_SIGNATURE_LIST *)(TimeStampDb[Index]);
+
+      if (SigList == NULL) {
+        break;
+      }
+      if (SigList->SignatureListSize < sizeof (EFI_SIGNATURE_LIST) +
+                                       SigList->SignatureHeaderSize +
+                                       SigList->SignatureSize) {
+        return EFI_ABORTED;
+      }
+    }
+  }
+
+  //
   // Try to retrieve the attached content from PKCS7 signedData
   //
   AttachedData     = NULL;
-- 
2.12.2.windows.1

next             reply	other threads:[~2017-05-03  9:29 UTC|newest]

Thread overview: 2+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2017-05-03  9:28 Qin Long [this message]
2017-05-05  1:36 ` [Patch] SecurityPkg/Pkcs7VerifyDxe: Add format check in DB list contents Zhang, Chao B

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:07fdf552b dfblob:3776f903d )
 OR (
bs:"[Patch] SecurityPkg/Pkcs7VerifyDxe: Add format check in DB list contents" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-list from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20170503092850.8460-1-qin.long@intel.com \
    --to=devel@edk2.groups.io \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox