From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mga05.intel.com (mga05.intel.com [192.55.52.43]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ml01.01.org (Postfix) with ESMTPS id 83ED18221C for ; Wed, 22 Feb 2017 00:31:06 -0800 (PST) Received: from orsmga005.jf.intel.com ([10.7.209.41]) by fmsmga105.fm.intel.com with ESMTP; 22 Feb 2017 00:31:06 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.35,193,1484035200"; d="scan'208";a="67636658" Received: from fmsmsx107.amr.corp.intel.com ([10.18.124.205]) by orsmga005.jf.intel.com with ESMTP; 22 Feb 2017 00:31:06 -0800 Received: from shsmsx101.ccr.corp.intel.com (10.239.4.153) by fmsmsx107.amr.corp.intel.com (10.18.124.205) with Microsoft SMTP Server (TLS) id 14.3.248.2; Wed, 22 Feb 2017 00:31:05 -0800 Received: from shsmsx102.ccr.corp.intel.com ([169.254.2.88]) by SHSMSX101.ccr.corp.intel.com ([169.254.1.177]) with mapi id 14.03.0248.002; Wed, 22 Feb 2017 16:31:03 +0800 From: "Zhang, Chao B" To: "Zhang, Lubo" , "edk2-devel@lists.01.org" CC: "Yao, Jiewen" , "Long, Qin" Thread-Topic: [edk2] [patch] SecurityPkg: Fix potential bug in Security Boot dxe. Thread-Index: AQHSi+231Myf9hBwTECo4fLqEGyyHaF0s6cA Date: Wed, 22 Feb 2017 08:31:03 +0000 Message-ID: References: <1487645605-11008-1-git-send-email-lubo.zhang@intel.com> In-Reply-To: <1487645605-11008-1-git-send-email-lubo.zhang@intel.com> Accept-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-originating-ip: [10.239.127.40] MIME-Version: 1.0 Subject: Re: [patch] SecurityPkg: Fix potential bug in Security Boot dxe. X-BeenThere: edk2-devel@lists.01.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: EDK II Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 22 Feb 2017 08:31:06 -0000 Content-Language: en-US Content-Type: text/plain; charset="iso-2022-jp" Content-Transfer-Encoding: quoted-printable Lubo=1B$B!'=1B(B If you change HASH algo definition, please also update SecureBootConfig= .vfr accordingly. Or you may keep SHA1 algo definition & keep RAW & MAX unchanged -----Original Message----- From: edk2-devel [mailto:edk2-devel-bounces@lists.01.org] On Behalf Of Zhan= g Lubo Sent: Tuesday, February 21, 2017 10:53 AM To: edk2-devel@lists.01.org Cc: Yao, Jiewen ; Zhang, Chao B ; Long, Qin Subject: [edk2] [patch] SecurityPkg: Fix potential bug in Security Boot dxe= . since we removed the sha-1 definition in Hash table and related macro, but = the macro definition HashAlg index may be value 4 which is exceed the range= of the Hash table array. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Zhang Lubo Cc: Chao Zhang Cc: Long Qin Cc: Yao Jiewen --- .../SecureBootConfigDxe/SecureBootConfigImpl.h | 12 ++++++--= ---- 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBo= otConfigImpl.h b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/Secu= reBootConfigImpl.h index bea9470..58030c4 100644 --- a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfi= gImpl.h +++ b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootCo +++ nfigImpl.h @@ -89,16 +89,16 @@ extern EFI_IFR_GUID_LABEL *mEndLabel; #define WIN_CERT_UEFI_RSA2048_SIZE 256 =20 // // Support hash types // -#define HASHALG_SHA224 0x00000001 -#define HASHALG_SHA256 0x00000002 -#define HASHALG_SHA384 0x00000003 -#define HASHALG_SHA512 0x00000004 -#define HASHALG_RAW 0x00000005 -#define HASHALG_MAX 0x00000005 +#define HASHALG_SHA224 0x00000000 +#define HASHALG_SHA256 0x00000001 +#define HASHALG_SHA384 0x00000002 +#define HASHALG_SHA512 0x00000003 +#define HASHALG_RAW 0x00000004 +#define HASHALG_MAX 0x00000004 =20 =20 typedef struct { UINTN Signature; LIST_ENTRY Head; -- 1.9.5.msysgit.1 _______________________________________________ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel