From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received-SPF: Pass (sender SPF authorized) identity=mailfrom; client-ip=2a00:1450:4864:20::42e; helo=mail-wr1-x42e.google.com; envelope-from=roman.bacik@broadcom.com; receiver=edk2-devel@lists.01.org Received: from mail-wr1-x42e.google.com (mail-wr1-x42e.google.com [IPv6:2a00:1450:4864:20::42e]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ml01.01.org (Postfix) with ESMTPS id E08DC202E5484 for ; Wed, 11 Jul 2018 08:44:10 -0700 (PDT) Received: by mail-wr1-x42e.google.com with SMTP id a3-v6so9433261wrt.2 for ; Wed, 11 Jul 2018 08:44:10 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=broadcom.com; s=google; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=rztlXNayA+DV4NE0B2uonEai38v8NheB6Bhy9lpXwZA=; b=EsXo2RKOIEs9mYwLcz9LsRd2u4Wf/rrcZHbL6+9UPpaUQu6JzZrMWIjk9i8t5/P6/x 0Du+JF0TkQhs0DE7cMjIGP5Mv2+NCpbD/UcCPbux/0bEMDiCUPg4PUctgAo+L8Jfy9iZ 80kL49f/Zj+KBYKkwVS7Tw7yMAstGbGcn2yg0= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=rztlXNayA+DV4NE0B2uonEai38v8NheB6Bhy9lpXwZA=; b=EEPzpNMx3FbPHTpi56TGxDXocV9h/3iQtOVKCAKHUEaqeHRsckGWkk5xUiujiuRxzw kx3AXy1K7++ta7gU/KZYXc9viTUxDah6vm4b2qjkWCvUXrzoYz75kgNBPED9u+u15xK0 Dn2kQItWdEP3j7qtLkgXxE+YOXabEFyyNhscHpJrQvn8k/pyANWwfac0danKs+8h3QuL ewVr8jb3yuw8brv+CHQ85cPpbpeKcycwTL1S99S8uMSYVvcGGm5ABrKMdNVUF1oSA+fM b/p2QQypWcxg1jrrVp4FP0nS50V1z2LHJ0/Krk2ZS/cOKKlazF6obKamodFccgRQegfN od2w== X-Gm-Message-State: AOUpUlHvIC8nsmSMSObEq1w9bT/3Wyz+lSbfgaZS7sJDwdDHn5yNOudo vyU5bwjmT3qkc+SnNGrSZO7Ngn5zh5APEbaWV3K0Yw== X-Google-Smtp-Source: AAOMgpfComvx6uLP8l6XS2nLeHLdfkGqbxYLSt9ZSHhA5KawZua6T/YO5NaxgM4DP+h/SYtDiWs6urtzKHljIowIbEM= X-Received: by 2002:adf:e3c5:: with SMTP id k5-v6mr4129683wrm.94.1531323848577; Wed, 11 Jul 2018 08:44:08 -0700 (PDT) MIME-Version: 1.0 Received: by 2002:adf:f505:0:0:0:0:0 with HTTP; Wed, 11 Jul 2018 08:43:28 -0700 (PDT) In-Reply-To: <20180710225105.28443-1-roman.bacik@broadcom.com> References: <20180710225105.28443-1-roman.bacik@broadcom.com> From: Roman Bacik Date: Wed, 11 Jul 2018 08:43:28 -0700 Message-ID: To: Roman Bacik Cc: edk2-devel@lists.01.org, Laszlo Ersek , Jiewen Yao , Vladimir Olovyannikov , Chao Zhang X-Content-Filtered-By: Mailman/MimeDel 2.1.27 Subject: Re: [PATCH v2] SecurityPkg: Fix assert when setting key from eMMC/SD/USB X-BeenThere: edk2-devel@lists.01.org X-Mailman-Version: 2.1.27 Precedence: list List-Id: EDK II Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 11 Jul 2018 15:44:11 -0000 Content-Type: text/plain; charset="UTF-8" Signed-off-by: Roman Bacik On Tue, Jul 10, 2018 at 3:51 PM, wrote: > From: Roman Bacik > > When secure boot is enabled, if one loads keys from a FAT formatted > eMMC/SD/USB when trying to provision PK/KEK/DB keys via the menu, > an assert in StrLen() occurs. > This is because the filename starts on odd address, which is not a uint16 > aligned boundary: https://bugzilla.tianocore.org/show_bug.cgi?id=1003 > > Cc: Chao Zhang > Cc: Jiewen Yao > Cc: Laszlo Ersek > Cc: Vladimir Olovyannikov > Contributed-under: TianoCore Contribution Agreement 1.1 > Signed-off-by: Roman Bacik > --- > SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigFileExplorer.c > | 13 +++++++++++-- > 1 file changed, 11 insertions(+), 2 deletions(-) > > diff --git a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigFileExplorer.c > b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/ > SecureBootConfigFileExplorer.c > index 1b6f88804275..19b13a5569a6 100644 > --- a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/ > SecureBootConfigFileExplorer.c > +++ b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/ > SecureBootConfigFileExplorer.c > @@ -123,6 +123,8 @@ OpenFileByDevicePath( > EFI_FILE_PROTOCOL *Handle1; > EFI_FILE_PROTOCOL *Handle2; > EFI_HANDLE DeviceHandle; > + CHAR16 *PathName; > + UINTN PathLength; > > if ((FilePath == NULL || FileHandle == NULL)) { > return EFI_INVALID_PARAMETER; > @@ -173,6 +175,11 @@ OpenFileByDevicePath( > // > Handle2 = Handle1; > Handle1 = NULL; > + PathLength = DevicePathNodeLength(*FilePath) - > sizeof(EFI_DEVICE_PATH_PROTOCOL); > + PathName = AllocateCopyPool(PathLength, ((FILEPATH_DEVICE_PATH*)* > FilePath)->PathName); > + if (PathName == NULL) { > + return EFI_OUT_OF_RESOURCES; > + } > > // > // Try to test opening an existing file > @@ -180,7 +187,7 @@ OpenFileByDevicePath( > Status = Handle2->Open ( > Handle2, > &Handle1, > - ((FILEPATH_DEVICE_PATH*)*FilePath)->PathName, > + PathName, > OpenMode &~EFI_FILE_MODE_CREATE, > 0 > ); > @@ -192,7 +199,7 @@ OpenFileByDevicePath( > Status = Handle2->Open ( > Handle2, > &Handle1, > - ((FILEPATH_DEVICE_PATH*)*FilePath)->PathName, > + PathName, > OpenMode, > Attributes > ); > @@ -202,6 +209,8 @@ OpenFileByDevicePath( > // > Handle2->Close (Handle2); > > + FreePool (PathName); > + > if (EFI_ERROR(Status)) { > return (Status); > } > -- > 2.17.1 > > _______________________________________________ > edk2-devel mailing list > edk2-devel@lists.01.org > https://lists.01.org/mailman/listinfo/edk2-devel >