public inbox for devel@edk2.groups.io
* [PATCH v2 00/10] Fix false negative issue in DxeImageVerificationHandler
@ 2020-02-14  7:27 Wang, Jian J
  2020-02-14  7:27 ` [PATCH v2 01/10] SecurityPkg/DxeImageVerificationLib: Fix memory leaks(CVE-2019-14575) Wang, Jian J
                   ` (10 more replies)
  0 siblings, 11 replies; 15+ messages in thread
From: Wang, Jian J @ 2020-02-14  7:27 UTC
  To: devel; +Cc: Jiewen Yao, Chao Zhang

> v2 changes:
>    - Change IsCertHashFoundInDatabase to IsCertHashFoundInDbx (patch 10)
>    - Update result handling for all calls to IsCertHashFoundInDatabase
>      to be consistent (patch 6)
>    - Fix commit message and title length issue caught by PatchCheck tool

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1608
Patch branch: https://github.com/jwang36/edk2/tree/fix-bz1608-bypass-blacklist-check-via-signature-v2

Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Chao Zhang <chao.b.zhang@intel.com>

Jian J Wang (9):
  SecurityPkg/DxeImageVerificationLib: Fix memory leaks(CVE-2019-14575)
  SecurityPkg/DxeImageVerificationLib: reject CertStack.CertNumber==0
    per DBX(CVE-2019-14575)
  SecurityPkg/DxeImageVerificationLib: fix wrong fetch dbx in
    IsAllowedByDb(CVE-2019-14575)
  SecurityPkg/DxeImageVerificationLib: avoid bypass in fetching
    dbx(CVE-2019-14575)
  SecurityPkg/DxeImageVerificationLib: refactor db/dbx fetching
    code(CVE-2019-14575)
  SecurityPkg/DxeImageVerificationLib: Differentiate error/search result
    (1)(CVE-2019-14575)
  SecurityPkg/DxeImageVerificationLib: tighten default
    result(CVE-2019-14575)
  SecurityPkg/DxeImageVerificationLib: Differentiate error/search result
    (2)(CVE-2019-14575)
  SecurityPkg/DxeImageVerificationLib: change IsCertHashFoundInDatabase
    name(CVE-2019-14575)

Laszlo Ersek (1):
  SecurityPkg/DxeImageVerificationLib: plug Data leak in
    IsForbiddenByDbx()(CVE-2019-14575)

 .../DxeImageVerificationLib.c                 | 291 ++++++++++++------
 1 file changed, 198 insertions(+), 93 deletions(-)

-- 
2.24.0.windows.2



Thread overview: 15+ messages
2020-02-14  7:27 [PATCH v2 00/10] Fix false negative issue in DxeImageVerificationHandler Wang, Jian J
2020-02-14  7:27 ` [PATCH v2 01/10] SecurityPkg/DxeImageVerificationLib: Fix memory leaks(CVE-2019-14575) Wang, Jian J
2020-02-14  7:27 ` [PATCH v2 02/10] SecurityPkg/DxeImageVerificationLib: reject CertStack.CertNumber==0 per DBX(CVE-2019-14575) Wang, Jian J
2020-02-14  7:27 ` [PATCH v2 03/10] SecurityPkg/DxeImageVerificationLib: fix wrong fetch dbx in IsAllowedByDb(CVE-2019-14575) Wang, Jian J
2020-02-14  7:27 ` [PATCH v2 04/10] SecurityPkg/DxeImageVerificationLib: avoid bypass in fetching dbx(CVE-2019-14575) Wang, Jian J
2020-02-14  7:27 ` [PATCH v2 05/10] SecurityPkg/DxeImageVerificationLib: refactor db/dbx fetching code(CVE-2019-14575) Wang, Jian J
2020-02-14  7:27 ` [PATCH v2 06/10] SecurityPkg/DxeImageVerificationLib: Differentiate error/search result (1)(CVE-2019-14575) Wang, Jian J
2020-02-14  7:47   ` Yao, Jiewen
2020-02-14  7:27 ` [PATCH v2 07/10] SecurityPkg/DxeImageVerificationLib: tighten default result(CVE-2019-14575) Wang, Jian J
2020-02-14  7:27 ` [PATCH v2 08/10] SecurityPkg/DxeImageVerificationLib: plug Data leak in IsForbiddenByDbx()(CVE-2019-14575) Wang, Jian J
2020-02-14  7:27 ` [PATCH v2 09/10] SecurityPkg/DxeImageVerificationLib: Differentiate error/search result (2)(CVE-2019-14575) Wang, Jian J
2020-02-14  7:27 ` [PATCH v2 10/10] SecurityPkg/DxeImageVerificationLib: change IsCertHashFoundInDatabase name(CVE-2019-14575) Wang, Jian J
2020-02-14  7:46   ` Yao, Jiewen
2020-02-17  7:48 ` [edk2-devel] [PATCH v2 00/10] Fix false negative issue in DxeImageVerificationHandler Laszlo Ersek
2020-02-17  7:51   ` Wang, Jian J
