From: "Yao, Jiewen"
To: "Zhang, Chao B", "rbacik@gmail.com", "edk2-devel@lists.01.org"
CC: Laszlo Ersek, Vladimir Olovyannikov
Date: Mon, 16 Jul 2018 15:50:32 +0000
Message-ID: <74D8A39837DF1E4DA445A8C0B3885C503ACAC712@shsmsx102.ccr.corp.intel.com>
References: <20180710225105.28443-1-roman.bacik@broadcom.com>
Subject: Re: [PATCH v2] SecurityPkg: Fix assert when setting key from eMMC/SD/USB
List-Id: EDK II Development

Laszlo already filed one - https://bugzilla.tianocore.org/show_bug.cgi?id=1008

I suggest we add to UefiLib instead of fixing all individual drivers.

Thank you
Yao Jiewen

> -----Original Message-----
> From: Zhang, Chao B
> Sent: Monday, July 16, 2018 11:10 PM
> To: rbacik@gmail.com; edk2-devel@lists.01.org
> Cc: Yao, Jiewen; Laszlo Ersek; Vladimir Olovyannikov
> Subject: RE: [PATCH v2] SecurityPkg: Fix assert when setting key from eMMC/SD/USB
>
> Hi Bacik:
> Thanks for the fix. Would you please file another report in Bugzilla for the RamDisk
> & Tls Configuration drivers? They have the same issue as the SecureBootConfig driver.
>
> -----Original Message-----
> From: rbacik@gmail.com [mailto:rbacik@gmail.com]
> Sent: Wednesday, July 11, 2018 6:51 AM
> To: edk2-devel@lists.01.org
> Cc: Zhang, Chao B; Yao, Jiewen; Laszlo Ersek; Vladimir Olovyannikov
> Subject: [PATCH v2] SecurityPkg: Fix assert when setting key from eMMC/SD/USB
>
> From: Roman Bacik
>
> When secure boot is enabled, if one loads keys from a FAT formatted
> eMMC/SD/USB when trying to provision PK/KEK/DB keys via the menu, an
> assert in StrLen() occurs.
> This is because the filename starts on an odd address, which is not a uint16
> aligned boundary: https://bugzilla.tianocore.org/show_bug.cgi?id=1003
>
> Cc: Chao Zhang
> Cc: Jiewen Yao
> Cc: Laszlo Ersek
> Cc: Vladimir Olovyannikov
> Contributed-under: TianoCore Contribution Agreement 1.1
> Signed-off-by: Roman Bacik
> --- >=20 > SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigFil > eExplorer.c | 13 +++++++++++-- > 1 file changed, 11 insertions(+), 2 deletions(-) >=20 > diff --git > a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfig > FileExplorer.c > b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfig > FileExplorer.c > index 1b6f88804275..19b13a5569a6 100644 > --- > a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfig > FileExplorer.c > +++ b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootCo > +++ nfigFileExplorer.c
> @@ -123,6 +123,8 @@ OpenFileByDevicePath( > EFI_FILE_PROTOCOL *Handle1; > EFI_FILE_PROTOCOL *Handle2; > EFI_HANDLE DeviceHandle; > + CHAR16 *PathName; > + UINTN PathLength; >=20 > if ((FilePath =3D=3D NULL || FileHandle =3D=3D NULL)) { > return EFI_INVALID_PARAMETER; > @@ -173,6 +175,11 @@ OpenFileByDevicePath( > // > Handle2 =3D Handle1; > Handle1 =3D NULL; > + PathLength =3D DevicePathNodeLength(*FilePath) - > sizeof(EFI_DEVICE_PATH_PROTOCOL); > + PathName =3D AllocateCopyPool(PathLength, > ((FILEPATH_DEVICE_PATH*)*FilePath)->PathName); > + if (PathName =3D=3D NULL) { > + return EFI_OUT_OF_RESOURCES; > + } >=20 > // > // Try to test opening an existing file @@ -180,7 +187,7 @@ > OpenFileByDevicePath( > Status =3D Handle2->Open ( > Handle2, > &Handle1, > - > ((FILEPATH_DEVICE_PATH*)*FilePath)->PathName, > + PathName, > OpenMode &~EFI_FILE_MODE_CREATE, > 0 > ); > @@ -192,7 +199,7 @@ OpenFileByDevicePath( > Status =3D Handle2->Open ( > Handle2, > &Handle1, > - > ((FILEPATH_DEVICE_PATH*)*FilePath)->PathName, > + PathName, > OpenMode, > Attributes > ); > @@ -202,6 +209,8 @@ OpenFileByDevicePath( > // > Handle2->Close (Handle2); >=20 > + FreePool (PathName); > + > if (EFI_ERROR(Status)) { > return (Status); > } > -- > 2.17.1
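
Review bot: In the @@ -173,6 +175,11 @@ hunk, the new "return EFI_OUT_OF_RESOURCES;" exits after "Handle2 = Handle1;" without reaching "Handle2->Close (Handle2);", so the open handle leaks when AllocateCopyPool() fails; close Handle2 before returning. In the same hunk, PathLength is DevicePathNodeLength(*FilePath) minus sizeof(EFI_DEVICE_PATH_PROTOCOL) with no visible check that the node is at least header-sized, and the copy is exactly PathLength bytes, so it is NUL-terminated only if the node's PathName already was; consider validating the length and allocating one extra zeroed CHAR16. A short comment saying the copy exists to hand Open() a CHAR16-aligned string would help the next reader, and the new calls should follow the "FreePool (PathName)" spacing used elsewhere in the patch (space before the opening parenthesis).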
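
The alignment problem described in the commit message, as an added example in plain C that is not part of the patch or of EDK II: a file-path node in a packed device path can start on an odd offset, so its UTF-16 name is read byte by byte into an aligned, always-terminated copy after the node length is validated. The helper names and the sample byte arrays are constructed for illustration.

```c
#include <stdint.h>
#include <stdlib.h>

#define HDR_LEN 4u  /* Type, SubType, 16-bit little-endian Length */

/* Hypothetical helper: validate the file-path node at `node` (`avail` bytes
 * left in the buffer) and return an aligned, always-terminated UTF-16 copy
 * of its name; NULL if the node is malformed or allocation fails. */
uint16_t *copy_path_name(const uint8_t *node, size_t avail, size_t *chars)
{
    if (avail < HDR_LEN || node[0] != 0x04 || node[1] != 0x04)
        return NULL;                      /* not a MEDIA/FILEPATH node */
    size_t len = (size_t)node[2] | ((size_t)node[3] << 8);
    if (len < HDR_LEN + 2 || len > avail || (len - HDR_LEN) % 2 != 0)
        return NULL;                      /* guards the length subtraction */
    size_t units = (len - HDR_LEN) / 2;
    uint16_t *name = calloc(units + 1, sizeof *name);  /* +1: forced terminator */
    if (name == NULL)
        return NULL;
    for (size_t i = 0; i < units; i++)    /* byte reads: source may be odd-aligned */
        name[i] = (uint16_t)(node[HDR_LEN + 2 * i] | (node[HDR_LEN + 2 * i + 1] << 8));
    for (*chars = 0; name[*chars] != 0; (*chars)++)
        ;
    return name;
}

/* Constructed samples. The pad byte puts the first node on an odd offset. */
static const uint8_t sample[] = {
    0x00,                                 /* pad */
    0x04, 0x04, 0x0C, 0x00,               /* header, Length = 12 */
    'k', 0, 'e', 0, 'y', 0, 0, 0          /* L"key" plus terminator */
};
static const uint8_t unterminated[] = { 0x04, 0x04, 0x08, 0x00, 'a', 0, 'b', 0 };

/* Name length in characters, or -1 if the node is rejected. */
int path_chars(const uint8_t *node, size_t avail)
{
    size_t n = 0;
    uint16_t *name = copy_path_name(node, avail, &n);
    if (name == NULL)
        return -1;
    free(name);
    return (int)n;
}

int main(void)
{
    return (path_chars(sample + 1, sizeof sample - 1) == 3 &&
            path_chars(unterminated, sizeof unterminated) == 2) ? 0 : 1;
}
```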