From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <lersek@redhat.com>
Received-SPF: Pass (sender SPF authorized) identity=mailfrom;
 client-ip=209.132.183.28; helo=mx1.redhat.com; envelope-from=lersek@redhat.com;
 receiver=edk2-devel@lists.01.org 
Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (No client certificate requested)
 by ml01.01.org (Postfix) with ESMTPS id 3CD62202E6144
 for <edk2-devel@lists.01.org>; Mon, 16 Oct 2017 03:34:58 -0700 (PDT)
Received: from smtp.corp.redhat.com (int-mx03.intmail.prod.int.phx2.redhat.com
 [10.5.11.13])
 (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by mx1.redhat.com (Postfix) with ESMTPS id DDF1420276;
 Mon, 16 Oct 2017 10:38:32 +0000 (UTC)
DMARC-Filter: OpenDMARC Filter v1.3.2 mx1.redhat.com DDF1420276
Authentication-Results: ext-mx05.extmail.prod.ext.phx2.redhat.com;
 dmarc=none (p=none dis=none) header.from=redhat.com
Authentication-Results: ext-mx05.extmail.prod.ext.phx2.redhat.com;
 spf=fail smtp.mailfrom=lersek@redhat.com
Received: from lacos-laptop-7.usersys.redhat.com (ovpn-120-250.rdu2.redhat.com
 [10.10.120.250])
 by smtp.corp.redhat.com (Postfix) with ESMTP id DFF2760618;
 Mon, 16 Oct 2017 10:38:31 +0000 (UTC)
To: chenc2 <chen.a.chen@intel.com>, edk2-devel@lists.01.org
Cc: Wu Hao A <hao.a.wu@intel.com>, "Cc : Zhang Chao B" <chao.b.zhang@intel.com>
References: <20171016084353.10212-1-chen.a.chen@intel.com>
From: Laszlo Ersek <lersek@redhat.com>
Message-ID: <7cf3d25a-3c81-943c-b2ef-b557679c5b8e@redhat.com>
Date: Mon, 16 Oct 2017 12:38:30 +0200
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101
 Thunderbird/52.4.0
MIME-Version: 1.0
In-Reply-To: <20171016084353.10212-1-chen.a.chen@intel.com>
X-Scanned-By: MIMEDefang 2.79 on 10.5.11.13
X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16
 (mx1.redhat.com [10.5.110.29]); Mon, 16 Oct 2017 10:38:33 +0000 (UTC)
Subject: Re: [PATCH] SecurityPkg/AuthVariableLib: Fix ptr bad arithmetic.
X-BeenThere: edk2-devel@lists.01.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: EDK II Development  <edk2-devel.lists.01.org>
List-Unsubscribe: <https://lists.01.org/mailman/options/edk2-devel>,
 <mailto:edk2-devel-request@lists.01.org?subject=unsubscribe>
List-Archive: <http://lists.01.org/pipermail/edk2-devel/>
List-Post: <mailto:edk2-devel@lists.01.org>
List-Help: <mailto:edk2-devel-request@lists.01.org?subject=help>
List-Subscribe: <https://lists.01.org/mailman/listinfo/edk2-devel>,
 <mailto:edk2-devel-request@lists.01.org?subject=subscribe>
X-List-Received-Date: Mon, 16 Oct 2017 10:34:59 -0000
Content-Type: text/plain; charset=utf-8
Content-Language: en-US
Content-Transfer-Encoding: 7bit

On 10/16/17 10:43, chenc2 wrote:
> Use variable instead of sizeof(UINT8) and sizeof(UINT32) to
> avoid bad arithmetic of pointer.
> 
> Cc: chenc2 <chen.a.chen@intel.com>
> Cc: Wu Hao A <hao.a.wu@intel.com>
> Contributed-under: TianoCore Contribution Agreement 1.1
> Signed-off-by: Cc: Zhang Chao B <chao.b.zhang@intel.com>
> ---
>  SecurityPkg/Library/AuthVariableLib/AuthService.c | 14 ++++++++++----
>  1 file changed, 10 insertions(+), 4 deletions(-)
> 
> diff --git a/SecurityPkg/Library/AuthVariableLib/AuthService.c b/SecurityPkg/Library/AuthVariableLib/AuthService.c
> index 7188ff6008..d6387d5ea6 100644
> --- a/SecurityPkg/Library/AuthVariableLib/AuthService.c
> +++ b/SecurityPkg/Library/AuthVariableLib/AuthService.c
> @@ -2289,6 +2289,8 @@ VerifyTimeBasedPayload (
>    UINT8                            *CertsInCertDb;
>    UINT32                           CertsSizeinDb;
>    UINT8                            Sha256Digest[SHA256_DIGEST_SIZE];
> +  UINTN                            Offset1;
> +  UINTN                            Offset2;
>  
>    //
>    // 1. TopLevelCert is the top-level issuer certificate in signature Signer Cert Chain
> @@ -2559,9 +2561,11 @@ VerifyTimeBasedPayload (
>          //
>          // Check hash of signer cert CommonName + Top-level issuer tbsCertificate against data in CertDb
>          //
> +        Offset1 = sizeof (UINT8) + sizeof (UINT32);
> +        Offset2 = sizeof (UINT8);
>          Status = CalculatePrivAuthVarSignChainSHA256Digest(
> -                   SignerCerts + sizeof(UINT8) + sizeof(UINT32),
> -                   ReadUnaligned32 ((UINT32 *)(SignerCerts + sizeof(UINT8))),
> +                   SignerCerts + Offset1,
> +                   ReadUnaligned32 ((UINT32 *)(SignerCerts + Offset2)),
>                     TopLevelCert,
>                     TopLevelCertSize,
>                     Sha256Digest
> @@ -2596,12 +2600,14 @@ VerifyTimeBasedPayload (
>        //
>        // When adding a new common authenticated variable, always save Hash of cn of signer cert + tbsCertificate of Top-level issuer
>        //
> +      Offset1 = sizeof (UINT8) + sizeof (UINT32);
> +      Offset2 = sizeof (UINT8);
>        Status = InsertCertsToDb (
>                   VariableName,
>                   VendorGuid,
>                   Attributes,
> -                 SignerCerts + sizeof(UINT8) + sizeof(UINT32),
> -                 ReadUnaligned32 ((UINT32 *)(SignerCerts + sizeof(UINT8))),
> +                 SignerCerts + Offset1,
> +                 ReadUnaligned32 ((UINT32 *)(SignerCerts + Offset2)),
>                   TopLevelCert,
>                   TopLevelCertSize
>                   );
> 

I don't understand how this patch makes any difference.

Thanks
Laszlo