From mboxrd@z Thu Jan 1 00:00:00 1970 Authentication-Results: mx.groups.io; dkim=missing; spf=pass (domain: redhat.com, ip: 209.132.183.28, mailfrom: lersek@redhat.com) Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by groups.io with SMTP; Tue, 02 Jul 2019 03:29:04 -0700 Received: from smtp.corp.redhat.com (int-mx08.intmail.prod.int.phx2.redhat.com [10.5.11.23]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 2172C10C94; Tue, 2 Jul 2019 10:29:01 +0000 (UTC) Received: from lacos-laptop-7.usersys.redhat.com (ovpn-117-172.ams2.redhat.com [10.36.117.172]) by smtp.corp.redhat.com (Postfix) with ESMTP id CDBCA19732; Tue, 2 Jul 2019 10:28:55 +0000 (UTC) From: "Laszlo Ersek" To: edk2-devel-groups-io Cc: Ard Biesheuvel , Jordan Justen , =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= Subject: [PATCH 3/3] OvmfPkg/EnrollDefaultKeys: clean up Base64Decode() retval handling Date: Tue, 2 Jul 2019 12:28:36 +0200 Message-Id: <20190702102836.27589-4-lersek@redhat.com> In-Reply-To: <20190702102836.27589-1-lersek@redhat.com> References: <20190702102836.27589-1-lersek@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.84 on 10.5.11.23 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.38]); Tue, 02 Jul 2019 10:29:03 +0000 (UTC) Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable Base64Decode() now guarantees that DestinationSize is larger on output than it was on input if RETURN_BUFFER_TOO_SMALL is returned. Clean up the retval handling for the first Base64Decode() call in EnrollDefaultKeys, which used to work around the ambiguity in the previous Base64Decode() interface contract. Cc: Ard Biesheuvel Cc: Jordan Justen Cc: Philippe Mathieu-Daud=C3=A9 Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=3D1891 Signed-off-by: Laszlo Ersek --- OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.c | 10 ++-------- 1 file changed, 2 insertions(+), 8 deletions(-) diff --git a/OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.c b/OvmfPkg/Enro= llDefaultKeys/EnrollDefaultKeys.c index f45cb799f726..302b80d97720 100644 --- a/OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.c +++ b/OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.c @@ -154,14 +154,8 @@ GetPkKek1 ( Status =3D Base64Decode (Base64Cert, Base64CertLen, NULL, &DecodedCert= Size); switch (Status) { case EFI_BUFFER_TOO_SMALL: - if (DecodedCertSize > 0) { - break; - } - // - // Fall through: the above Base64Decode() call is ill-specified in B= aseLib - // if Source decodes to zero bytes (for example if it consists of ig= nored - // whitespace only). - // + ASSERT (DecodedCertSize > 0); + break; case EFI_SUCCESS: AsciiPrint ("error: empty certificate after app prefix %g\n", &gOvmfPkKek1AppPrefixGuid); --=20 2.19.1.3.g30247aa5d201