From mboxrd@z Thu Jan 1 00:00:00 1970 Authentication-Results: mx.groups.io; dkim=missing; spf=pass (domain: redhat.com, ip: 209.132.183.28, mailfrom: lersek@redhat.com) Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by groups.io with SMTP; Wed, 04 Sep 2019 00:52:39 -0700 Received: from smtp.corp.redhat.com (int-mx03.intmail.prod.int.phx2.redhat.com [10.5.11.13]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 3FCE011A07; Wed, 4 Sep 2019 07:52:39 +0000 (UTC) Received: from lacos-laptop-7.usersys.redhat.com (ovpn-117-125.ams2.redhat.com [10.36.117.125]) by smtp.corp.redhat.com (Postfix) with ESMTP id A6F066092D; Wed, 4 Sep 2019 07:52:35 +0000 (UTC) From: "Laszlo Ersek" To: edk2-devel-groups-io Cc: Ard Biesheuvel , Jordan Justen , =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= Subject: [PATCH v2] OvmfPkg/EnrollDefaultKeys: clean up Base64Decode() retval handling Date: Wed, 4 Sep 2019 09:52:33 +0200 Message-Id: <20190904075233.5005-1-lersek@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.79 on 10.5.11.13 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.28]); Wed, 04 Sep 2019 07:52:39 +0000 (UTC) Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable Since commit 35e242b698cd ("MdePkg/BaseLib: rewrite Base64Decode()", 2019-07-16), Base64Decode() guarantees that DestinationSize is larger on output than it was on input if RETURN_BUFFER_TOO_SMALL is returned. Clean up the retval handling for the first Base64Decode() call in EnrollDefaultKeys, which used to work around the ambiguity in the previou= s Base64Decode() interface contract. Cc: Ard Biesheuvel Cc: Jordan Justen Cc: Philippe Mathieu-Daud=C3=A9 Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=3D1981 Signed-off-by: Laszlo Ersek Reviewed-by: Philippe Mathieu-Daude --- Notes: v2: =20 - Repo: https://github.com/lersek/edk2.git Branch: enroll_base64_cleanup_bz1981_v2 =20 - pick up Phil's R-b: http://mid.mail-archive.com/d7e733d7-d32f-02ec-98ec-c121d6b406e0@re= dhat.com https://edk2.groups.io/g/devel/message/43771 =20 - update BZ reference from TianoCore#1891 to TianoCore#1981 (due to t= he patch being split off of the original series linked at : ) =20 - refer to the specific commit hash of patch "MdePkg/BaseLib: rewrite Base64Decode()" in the commit message =20 - no code changes OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.c | 10 ++-------- 1 file changed, 2 insertions(+), 8 deletions(-) diff --git a/OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.c b/OvmfPkg/Enro= llDefaultKeys/EnrollDefaultKeys.c index f45cb799f726..302b80d97720 100644 --- a/OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.c +++ b/OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.c @@ -153,16 +153,10 @@ GetPkKek1 ( DecodedCertSize =3D 0; Status =3D Base64Decode (Base64Cert, Base64CertLen, NULL, &DecodedCert= Size); switch (Status) { case EFI_BUFFER_TOO_SMALL: - if (DecodedCertSize > 0) { - break; - } - // - // Fall through: the above Base64Decode() call is ill-specified in B= aseLib - // if Source decodes to zero bytes (for example if it consists of ig= nored - // whitespace only). - // + ASSERT (DecodedCertSize > 0); + break; case EFI_SUCCESS: AsciiPrint ("error: empty certificate after app prefix %g\n", &gOvmfPkKek1AppPrefixGuid); return EFI_PROTOCOL_ERROR; --=20 2.19.1.3.g30247aa5d201