From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mga04.intel.com (mga04.intel.com []) by mx.groups.io with SMTP id smtpd.web11.3343.1581665266656025367 for ; Thu, 13 Feb 2020 23:27:57 -0800 Authentication-Results: mx.groups.io; dkim=missing; spf=fail (domain: intel.com, ip: , mailfrom: jian.j.wang@intel.com) X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from fmsmga001.fm.intel.com ([10.253.24.23]) by fmsmga104.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 13 Feb 2020 23:27:56 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.70,439,1574150400"; d="scan'208";a="347904243" Received: from shwdeopensfp777.ccr.corp.intel.com ([10.239.158.78]) by fmsmga001.fm.intel.com with ESMTP; 13 Feb 2020 23:27:56 -0800 From: "Wang, Jian J" To: devel@edk2.groups.io Cc: Jiewen Yao , Chao Zhang Subject: [PATCH v2 10/10] SecurityPkg/DxeImageVerificationLib: change IsCertHashFoundInDatabase name(CVE-2019-14575) Date: Fri, 14 Feb 2020 15:27:45 +0800 Message-Id: <20200214072745.1570-11-jian.j.wang@intel.com> X-Mailer: git-send-email 2.24.0.windows.2 In-Reply-To: <20200214072745.1570-1-jian.j.wang@intel.com> References: <20200214072745.1570-1-jian.j.wang@intel.com> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable IsCertHashFoundInDatabase() is actually used only for searching dbx, according to the function logic, its comments and its use cases. Changing it to IsCertHashFoundInDbx to avoid confusion. REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3D1608 Cc: Jiewen Yao Cc: Chao Zhang Signed-off-by: Jian J Wang --- .../DxeImageVerificationLib/DxeImageVerificationLib.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificati= onLib.c b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationL= ib.c index 0e1587bc3c..b7fa8ea8c5 100644 --- a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c +++ b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c @@ -829,7 +829,7 @@ AddImageExeInfo ( =0D **/=0D EFI_STATUS=0D -IsCertHashFoundInDatabase (=0D +IsCertHashFoundInDbx (=0D IN UINT8 *Certificate,=0D IN UINTN CertSize,=0D IN EFI_SIGNATURE_LIST *SignatureList,=0D @@ -1362,7 +1362,7 @@ IsForbiddenByDbx ( //=0D CertPtr =3D CertPtr + sizeof (UINT32) + CertSize;=0D =0D - Status =3D IsCertHashFoundInDatabase (Cert, CertSize, (EFI_SIGNATURE_L= IST *)Data, DataSize, &RevocationTime, &IsFound);=0D + Status =3D IsCertHashFoundInDbx (Cert, CertSize, (EFI_SIGNATURE_LIST *= )Data, DataSize, &RevocationTime, &IsFound);=0D if (EFI_ERROR (Status)) {=0D //=0D // Error in searching dbx. Consider it as 'found'. RevocationTime mi= ght=0D @@ -1528,7 +1528,7 @@ IsAllowedByDb ( //=0D // Here We still need to check if this RootCert's Hash is revo= ked=0D //=0D - Status =3D IsCertHashFoundInDatabase (RootCert, RootCertSize, = (EFI_SIGNATURE_LIST *)DbxData, DbxDataSize, &RevocationTime, &IsFound);=0D + Status =3D IsCertHashFoundInDbx (RootCert, RootCertSize, (EFI_= SIGNATURE_LIST *)DbxData, DbxDataSize, &RevocationTime, &IsFound);=0D if (EFI_ERROR (Status)) {=0D //=0D // Error in searching dbx. Consider it as 'found'. Revocatio= nTime might=0D --=20 2.24.0.windows.2