public inbox for devel@edk2.groups.io
 help / color / mirror / Atom feed
* [PATCH 0/9] Fix false negative issue in DxeImageVerificationHandler
@ 2020-02-06 14:19 Wang, Jian J
  2020-02-06 14:19 ` [PATCH 1/9] SecurityPkg/DxeImageVerificationLib: Fix memory leaks(CVE-2019-14575) Wang, Jian J
                   ` (9 more replies)
  0 siblings, 10 replies; 27+ messages in thread
From: Wang, Jian J @ 2020-02-06 14:19 UTC (permalink / raw)
  To: devel; +Cc: Jiewen Yao, Chao Zhang

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1608
Patch branch: https://github.com/jwang36/edk2/tree/fix-bz1608-bypass-blacklist-check-via-signature

Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Chao Zhang <chao.b.zhang@intel.com>

Jian J Wang (8):
  SecurityPkg/DxeImageVerificationLib: Fix memory leaks(CVE-2019-14575)
  SecurityPkg/DxeImageVerificationLib: reject CertStack.CertNumber==0
    per DBX(CVE-2019-14575)
  SecurityPkg/DxeImageVerificationLib: fix wrong fetching dbx in
    IsAllowedByDb(CVE-2019-14575)
  SecurityPkg/DxeImageVerificationLib: avoid bypass in fetching dbx in
    IsAllowedByDb(CVE-2019-14575)
  SecurityPkg/DxeImageVerificationLib: refactor db/dbx fetching code in
    IsAllowedByDb(CVE-2019-14575)
  SecurityPkg/DxeImageVerificationLib: Differentiate error and search
    result in IsCertHashFoundInDatabase(CVE-2019-14575)
  SecurityPkg/DxeImageVerificationLib: tighten default result of
    IsForbiddenByDbx()(CVE-2019-14575)
  SecurityPkg/DxeImageVerificationLib: Differentiate error and search
    result in IsSignatureFoundInDatabase(CVE-2019-14575)

Laszlo Ersek (1):
  SecurityPkg/DxeImageVerificationLib: plug Data leak in
    IsForbiddenByDbx()(CVE-2019-14575)

 .../DxeImageVerificationLib.c                 | 283 ++++++++++++------
 1 file changed, 191 insertions(+), 92 deletions(-)

-- 
2.24.0.windows.2


^ permalink raw reply	[flat|nested] 27+ messages in thread

end of thread, other threads:[~2020-02-14  3:33 UTC | newest]

Thread overview: 27+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2020-02-06 14:19 [PATCH 0/9] Fix false negative issue in DxeImageVerificationHandler Wang, Jian J
2020-02-06 14:19 ` [PATCH 1/9] SecurityPkg/DxeImageVerificationLib: Fix memory leaks(CVE-2019-14575) Wang, Jian J
2020-02-13  9:34   ` Yao, Jiewen
2020-02-13 16:43   ` [edk2-devel] " Philippe Mathieu-Daudé
2020-02-06 14:19 ` [PATCH 2/9] SecurityPkg/DxeImageVerificationLib: reject CertStack.CertNumber==0 per DBX(CVE-2019-14575) Wang, Jian J
2020-02-13  9:36   ` Yao, Jiewen
2020-02-06 14:19 ` [PATCH 3/9] SecurityPkg/DxeImageVerificationLib: fix wrong fetching dbx in IsAllowedByDb(CVE-2019-14575) Wang, Jian J
2020-02-13  9:38   ` Yao, Jiewen
2020-02-06 14:19 ` [PATCH 4/9] SecurityPkg/DxeImageVerificationLib: avoid bypass in " Wang, Jian J
2020-02-13  9:39   ` Yao, Jiewen
2020-02-06 14:19 ` [PATCH 5/9] SecurityPkg/DxeImageVerificationLib: refactor db/dbx fetching code " Wang, Jian J
2020-02-13  9:44   ` Yao, Jiewen
2020-02-06 14:19 ` [PATCH 6/9] SecurityPkg/DxeImageVerificationLib: Differentiate error and search result in IsCertHashFoundInDatabase(CVE-2019-14575) Wang, Jian J
2020-02-13 10:11   ` Yao, Jiewen
2020-02-13 15:07     ` Wang, Jian J
2020-02-14  0:54       ` Yao, Jiewen
2020-02-14  3:31         ` Wang, Jian J
2020-02-14  3:33           ` Yao, Jiewen
2020-02-06 14:19 ` [PATCH 7/9] SecurityPkg/DxeImageVerificationLib: tighten default result of IsForbiddenByDbx()(CVE-2019-14575) Wang, Jian J
2020-02-13 10:13   ` Yao, Jiewen
2020-02-06 14:19 ` [PATCH 8/9] SecurityPkg/DxeImageVerificationLib: plug Data leak in IsForbiddenByDbx()(CVE-2019-14575) Wang, Jian J
2020-02-13 10:14   ` Yao, Jiewen
2020-02-13 16:56   ` [edk2-devel] " Philippe Mathieu-Daudé
2020-02-06 14:19 ` [PATCH 9/9] SecurityPkg/DxeImageVerificationLib: Differentiate error and search result in IsSignatureFoundInDatabase(CVE-2019-14575) Wang, Jian J
2020-02-13  9:02   ` [edk2-devel] " Zhang, Chao B
2020-02-13 10:20   ` Yao, Jiewen
2020-02-13  1:53 ` [edk2-devel] [PATCH 0/9] Fix false negative issue in DxeImageVerificationHandler Liming Gao

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox