From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from us-smtp-1.mimecast.com (us-smtp-1.mimecast.com [205.139.110.120])
 by mx.groups.io with SMTP id smtpd.web12.5692.1581033884881254961
 for <devel@edk2.groups.io>;
 Thu, 06 Feb 2020 16:04:45 -0800
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=dyq2Qej9;
 spf=pass (domain: redhat.com, ip: 205.139.110.120, mailfrom: philmd@redhat.com)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com;
	s=mimecast20190719; t=1581033884;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references;
	bh=QUZ1mN6xuLX5Ws+lNB9gpByqYctf4WiPP7jg5EtCu+w=;
	b=dyq2Qej9l99DdAHeRQkMQRLzpI5dx/jkaMON/TXwOSAMv0WMtxVi/r9iFW1ujuy5gfdfV8
	+qb1Qv6M28fnMdMxEUHDVMgDUb7unqwg++AnS78VfiWtZ26jyflPla4sc+1KxHgMf/H+V8
	s7oTFaAtlU3BD4YwAaMwcHyjg4iNF2M=
Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com
 [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id
 us-mta-54-yl37sLWxNPSqryUhXOvhfg-1; Thu, 06 Feb 2020 19:04:42 -0500
Received: from smtp.corp.redhat.com (int-mx07.intmail.prod.int.phx2.redhat.com [10.5.11.22])
	(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by mimecast-mx01.redhat.com (Postfix) with ESMTPS id 17513107BA98;
	Fri,  7 Feb 2020 00:04:41 +0000 (UTC)
Received: from x1w.redhat.com (ovpn-204-120.brq.redhat.com [10.40.204.120])
	by smtp.corp.redhat.com (Postfix) with ESMTPS id 87B211001B05;
	Fri,  7 Feb 2020 00:04:39 +0000 (UTC)
From: =?UTF-8?B?UGhpbGlwcGUgTWF0aGlldS1EYXVkw6k=?= <philmd@redhat.com>
To: devel@edk2.groups.io
Cc: Philippe Mathieu-Daude <philmd@redhat.com>,
	Jiewen Yao <jiewen.yao@intel.com>,
	Jian J Wang <jian.j.wang@intel.com>,
	Chao Zhang <chao.b.zhang@intel.com>
Subject: [PATCH v2 1/1] SecurityPkg: Fix incorrect return value when File is NULL
Date: Fri,  7 Feb 2020 01:04:33 +0100
Message-Id: <20200207000433.32666-2-philmd@redhat.com>
In-Reply-To: <20200207000433.32666-1-philmd@redhat.com>
References: <20200207000433.32666-1-philmd@redhat.com>
MIME-Version: 1.0
X-Scanned-By: MIMEDefang 2.84 on 10.5.11.22
X-MC-Unique: yl37sLWxNPSqryUhXOvhfg-1
X-Mimecast-Spam-Score: 0
X-Mimecast-Originator: redhat.com
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable

The DxeTpmMeasureBootHandler and DxeTpm2MeasureBootHandler handlers
are SECURITY2_FILE_AUTHENTICATION_HANDLER prototype. This prototype
can not return EFI_INVALID_PARAMETER.

The prototype documentation states it returns EFI_ACCESS_DENIED if:

  "The file specified by File and FileBuffer did not authenticate,
   and the platform policy dictates that the DXE Foundation may not
   use File."

Correct the documentation, and add a early check, returning
EFI_ACCESS_DENIED when File is NULL.

Noticed while reviewing commit 6d57592740cdd0b6868baeef7929d6e6fef.

Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Chao Zhang <chao.b.zhang@intel.com>
Signed-off-by: Philippe Mathieu-Daude <philmd@redhat.com>
---
 .../DxeTpm2MeasureBootLib/DxeTpm2MeasureBootLib.c        | 9 ++++++++-
 .../Library/DxeTpmMeasureBootLib/DxeTpmMeasureBootLib.c  | 9 ++++++++-
 2 files changed, 16 insertions(+), 2 deletions(-)

diff --git a/SecurityPkg/Library/DxeTpm2MeasureBootLib/DxeTpm2MeasureBootLi=
b.c b/SecurityPkg/Library/DxeTpm2MeasureBootLib/DxeTpm2MeasureBootLib.c
index 04b9b0d7fbf3..cabc0c6c7556 100644
--- a/SecurityPkg/Library/DxeTpm2MeasureBootLib/DxeTpm2MeasureBootLib.c
+++ b/SecurityPkg/Library/DxeTpm2MeasureBootLib/DxeTpm2MeasureBootLib.c
@@ -384,7 +384,7 @@ Tcg2MeasurePeImage (
   and other exception operations.  The File parameter allows for possible =
logging
   within the SAP of the driver.
=20
-  If File is NULL, then EFI_INVALID_PARAMETER is returned.
+  If File is NULL, then EFI_ACCESS_DENIED is returned.
=20
   If the file specified by File with an authentication status specified by
   AuthenticationStatus is safe for the DXE Core to use, then EFI_SUCCESS i=
s returned.
@@ -435,6 +435,13 @@ DxeTpm2MeasureBootHandler (
   EFI_PHYSICAL_ADDRESS                FvAddress;
   UINT32                              Index;
=20
+  //
+  // Check for invalid parameters.
+  //
+  if (File =3D=3D NULL) {
+    return EFI_ACCESS_DENIED;
+  }
+
   Status =3D gBS->LocateProtocol (&gEfiTcg2ProtocolGuid, NULL, (VOID **) &=
Tcg2Protocol);
   if (EFI_ERROR (Status)) {
     //
diff --git a/SecurityPkg/Library/DxeTpmMeasureBootLib/DxeTpmMeasureBootLib.=
c b/SecurityPkg/Library/DxeTpmMeasureBootLib/DxeTpmMeasureBootLib.c
index 1f2eed29a1df..dfaaa0f0b332 100644
--- a/SecurityPkg/Library/DxeTpmMeasureBootLib/DxeTpmMeasureBootLib.c
+++ b/SecurityPkg/Library/DxeTpmMeasureBootLib/DxeTpmMeasureBootLib.c
@@ -678,7 +678,7 @@ TcgMeasurePeImage (
   and other exception operations.  The File parameter allows for possible =
logging
   within the SAP of the driver.
=20
-  If File is NULL, then EFI_INVALID_PARAMETER is returned.
+  If File is NULL, then EFI_ACCESS_DENIED is returned.
=20
   If the file specified by File with an authentication status specified by
   AuthenticationStatus is safe for the DXE Core to use, then EFI_SUCCESS i=
s returned.
@@ -732,6 +732,13 @@ DxeTpmMeasureBootHandler (
   EFI_PHYSICAL_ADDRESS                FvAddress;
   UINT32                              Index;
=20
+  //
+  // Check for invalid parameters.
+  //
+  if (File =3D=3D NULL) {
+    return EFI_ACCESS_DENIED;
+  }
+
   Status =3D gBS->LocateProtocol (&gEfiTcgProtocolGuid, NULL, (VOID **) &T=
cgProtocol);
   if (EFI_ERROR (Status)) {
     //
--=20
2.21.1