From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <jiewen.yao@intel.com>
Received-SPF: Pass (sender SPF authorized) identity=mailfrom;
 client-ip=134.134.136.24; helo=mga09.intel.com;
 envelope-from=jiewen.yao@intel.com; receiver=edk2-devel@lists.01.org 
Received: from mga09.intel.com (mga09.intel.com [134.134.136.24])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (No client certificate requested)
 by ml01.01.org (Postfix) with ESMTPS id 7A4972063D77A
 for <edk2-devel@lists.01.org>; Mon, 16 Jul 2018 08:50:43 -0700 (PDT)
X-Amp-Result: SKIPPED(no attachment in message)
X-Amp-File-Uploaded: False
Received: from orsmga004.jf.intel.com ([10.7.209.38])
 by orsmga102.jf.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384;
 16 Jul 2018 08:50:42 -0700
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="5.51,361,1526367600"; d="scan'208";a="216426378"
Received: from fmsmsx104.amr.corp.intel.com ([10.18.124.202])
 by orsmga004.jf.intel.com with ESMTP; 16 Jul 2018 08:50:35 -0700
Received: from fmsmsx156.amr.corp.intel.com (10.18.116.74) by
 fmsmsx104.amr.corp.intel.com (10.18.124.202) with Microsoft SMTP Server (TLS)
 id 14.3.319.2; Mon, 16 Jul 2018 08:50:34 -0700
Received: from shsmsx151.ccr.corp.intel.com (10.239.6.50) by
 fmsmsx156.amr.corp.intel.com (10.18.116.74) with Microsoft SMTP Server (TLS)
 id 14.3.319.2; Mon, 16 Jul 2018 08:50:34 -0700
Received: from shsmsx102.ccr.corp.intel.com ([169.254.2.124]) by
 SHSMSX151.ccr.corp.intel.com ([169.254.3.17]) with mapi id 14.03.0319.002;
 Mon, 16 Jul 2018 23:50:32 +0800
From: "Yao, Jiewen" <jiewen.yao@intel.com>
To: "Zhang, Chao B" <chao.b.zhang@intel.com>, "rbacik@gmail.com"
 <rbacik@gmail.com>, "edk2-devel@lists.01.org" <edk2-devel@lists.01.org>
CC: Laszlo Ersek <lersek@redhat.com>, Vladimir Olovyannikov
 <vladimir.olovyannikov@broadcom.com>
Thread-Topic: [PATCH v2] SecurityPkg: Fix assert when setting key from
 eMMC/SD/USB
Thread-Index: AQHUGKCBhiamTwZQ50m2Jv2sVGai2KSRdq4AgACRRxA=
Date: Mon, 16 Jul 2018 15:50:32 +0000
Message-ID: <74D8A39837DF1E4DA445A8C0B3885C503ACAC712@shsmsx102.ccr.corp.intel.com>
References: <20180710225105.28443-1-roman.bacik@broadcom.com>
 <FF72C7E4248F3C4E9BDF19D4918E90F24980AE62@SHSMSX101.ccr.corp.intel.com>
In-Reply-To: <FF72C7E4248F3C4E9BDF19D4918E90F24980AE62@SHSMSX101.ccr.corp.intel.com>
Accept-Language: zh-CN, en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-titus-metadata-40: eyJDYXRlZ29yeUxhYmVscyI6IiIsIk1ldGFkYXRhIjp7Im5zIjoiaHR0cDpcL1wvd3d3LnRpdHVzLmNvbVwvbnNcL0ludGVsMyIsImlkIjoiZTQzMDcyMmQtNjJhYi00YmM5LWIyMjMtYTZjZTFlNDEzMDdhIiwicHJvcHMiOlt7Im4iOiJDVFBDbGFzc2lmaWNhdGlvbiIsInZhbHMiOlt7InZhbHVlIjoiQ1RQX05UIn1dfV19LCJTdWJqZWN0TGFiZWxzIjpbXSwiVE1DVmVyc2lvbiI6IjE3LjEwLjE4MDQuNDkiLCJUcnVzdGVkTGFiZWxIYXNoIjoibFdRZzJ2UkxiM08yWlNNRURpaTlHVTVLekwwM1pSTGNVVko0T1hmUTZyUWNOQk54UUxDRFdMMWRJVllRUXRhSSJ9
x-ctpclassification: CTP_NT
dlp-product: dlpe-windows
dlp-version: 11.0.200.100
dlp-reaction: no-action
x-originating-ip: [10.239.127.40]
MIME-Version: 1.0
Subject: Re: [PATCH v2] SecurityPkg: Fix assert when setting key from eMMC/SD/USB
X-BeenThere: edk2-devel@lists.01.org
X-Mailman-Version: 2.1.27
Precedence: list
List-Id: EDK II Development  <edk2-devel.lists.01.org>
List-Unsubscribe: <https://lists.01.org/mailman/options/edk2-devel>,
 <mailto:edk2-devel-request@lists.01.org?subject=unsubscribe>
List-Archive: <http://lists.01.org/pipermail/edk2-devel/>
List-Post: <mailto:edk2-devel@lists.01.org>
List-Help: <mailto:edk2-devel-request@lists.01.org?subject=help>
List-Subscribe: <https://lists.01.org/mailman/listinfo/edk2-devel>,
 <mailto:edk2-devel-request@lists.01.org?subject=subscribe>
X-List-Received-Date: Mon, 16 Jul 2018 15:50:43 -0000
Content-Language: en-US
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

Laszlo already filed one - https://bugzilla.tianocore.org/show_bug.cgi?id=
=3D1008

I suggest we add to UefiLib instead of fixing all individual driver.

Thank you
Yao Jiewen


> -----Original Message-----
> From: Zhang, Chao B
> Sent: Monday, July 16, 2018 11:10 PM
> To: rbacik@gmail.com; edk2-devel@lists.01.org
> Cc: Yao, Jiewen <jiewen.yao@intel.com>; Laszlo Ersek <lersek@redhat.com>;
> Vladimir Olovyannikov <vladimir.olovyannikov@broadcom.com>
> Subject: RE: [PATCH v2] SecurityPkg: Fix assert when setting key from
> eMMC/SD/USB
>=20
> Hi Bacik:
>    Tks for the fix. Would you please file another report in Bugzilla for =
RamDisk
> & Tls Configuration driver? They have same issue as SecureBootConfig driv=
er
>=20
> -----Original Message-----
> From: rbacik@gmail.com [mailto:rbacik@gmail.com]
> Sent: Wednesday, July 11, 2018 6:51 AM
> To: edk2-devel@lists.01.org
> Cc: Zhang, Chao B <chao.b.zhang@intel.com>; Yao, Jiewen
> <jiewen.yao@intel.com>; Laszlo Ersek <lersek@redhat.com>; Vladimir
> Olovyannikov <vladimir.olovyannikov@broadcom.com>
> Subject: [PATCH v2] SecurityPkg: Fix assert when setting key from
> eMMC/SD/USB
>=20
> From: Roman Bacik <roman.bacik@broadcom.com>
>=20
> When secure boot is enabled, if one loads keys from a FAT formatted
> eMMC/SD/USB when trying to provision PK/KEK/DB keys via the menu, an
> assert in StrLen() occurs.
> This is because the filename starts on odd address, which is not a uint16
> aligned boundary: https://bugzilla.tianocore.org/show_bug.cgi?id=3D1003
>=20
> Cc: Chao Zhang <chao.b.zhang@intel.com>
> Cc: Jiewen Yao <jiewen.yao@intel.com>
> Cc: Laszlo Ersek <lersek@redhat.com>
> Cc: Vladimir Olovyannikov <vladimir.olovyannikov@broadcom.com>
> Contributed-under: TianoCore Contribution Agreement 1.1
> Signed-off-by: Roman Bacik <roman.bacik@broadcom.com>
> ---
>=20
> SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigFil
> eExplorer.c | 13 +++++++++++--
>  1 file changed, 11 insertions(+), 2 deletions(-)
>=20
> diff --git
> a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfig
> FileExplorer.c
> b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfig
> FileExplorer.c
> index 1b6f88804275..19b13a5569a6 100644
> ---
> a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfig
> FileExplorer.c
> +++ b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootCo
> +++ nfigFileExplorer.c
> @@ -123,6 +123,8 @@ OpenFileByDevicePath(
>    EFI_FILE_PROTOCOL               *Handle1;
>    EFI_FILE_PROTOCOL               *Handle2;
>    EFI_HANDLE                      DeviceHandle;
> +  CHAR16                          *PathName;
> +  UINTN                           PathLength;
>=20
>    if ((FilePath =3D=3D NULL || FileHandle =3D=3D NULL)) {
>      return EFI_INVALID_PARAMETER;
> @@ -173,6 +175,11 @@ OpenFileByDevicePath(
>      //
>      Handle2  =3D Handle1;
>      Handle1 =3D NULL;
> +    PathLength =3D DevicePathNodeLength(*FilePath) -
> sizeof(EFI_DEVICE_PATH_PROTOCOL);
> +    PathName =3D AllocateCopyPool(PathLength,
> ((FILEPATH_DEVICE_PATH*)*FilePath)->PathName);
> +    if (PathName =3D=3D NULL) {
> +      return EFI_OUT_OF_RESOURCES;
> +    }
>=20
>      //
>      // Try to test opening an existing file @@ -180,7 +187,7 @@
> OpenFileByDevicePath(
>      Status =3D Handle2->Open (
>                            Handle2,
>                            &Handle1,
> -
> ((FILEPATH_DEVICE_PATH*)*FilePath)->PathName,
> +                          PathName,
>                            OpenMode &~EFI_FILE_MODE_CREATE,
>                            0
>                           );
> @@ -192,7 +199,7 @@ OpenFileByDevicePath(
>        Status =3D Handle2->Open (
>                              Handle2,
>                              &Handle1,
> -
> ((FILEPATH_DEVICE_PATH*)*FilePath)->PathName,
> +                            PathName,
>                              OpenMode,
>                              Attributes
>                             );
> @@ -202,6 +209,8 @@ OpenFileByDevicePath(
>      //
>      Handle2->Close (Handle2);
>=20
> +    FreePool (PathName);
> +
>      if (EFI_ERROR(Status)) {
>        return (Status);
>      }
> --
> 2.17.1