From: "Zhang, Chao B"
To: "Long, Qin"
CC: "edk2-devel@lists.01.org"
Date: Fri, 5 May 2017 01:36:14 +0000
In-Reply-To: <20170503092850.8460-1-qin.long@intel.com>
Subject: Re: [Patch] SecurityPkg/Pkcs7VerifyDxe: Add format check in DB list contents

Reviewed-by: Chao Zhang

-----Original Message-----
From: edk2-devel [mailto:edk2-devel-bounces@lists.01.org] On Behalf Of Qin Long
Sent: Wednesday, May 3, 2017 5:29 PM
To: Zhang, Chao B
Cc: edk2-devel@lists.01.org
Subject: [edk2] [Patch] SecurityPkg/Pkcs7VerifyDxe: Add format check in DB list contents

Add the size check for invalid format detection in AllowedDb, RevokedDb and TimeStampDb list contents.

Cc: Chao Zhang
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Qin Long
--- .../Pkcs7Verify/Pkcs7VerifyDxe/Pkcs7VerifyDxe.c | 66 ++++++++++++++++++= ++-- 1 file changed, 60 insertions(+), 6 deletions(-) diff --git a/SecurityPkg/Pkcs7Verify/Pkcs7VerifyDxe/Pkcs7VerifyDxe.c b/Secu= rityPkg/Pkcs7Verify/Pkcs7VerifyDxe/Pkcs7VerifyDxe.c index 07fdf552be..3776f903d4 100644 --- a/SecurityPkg/Pkcs7Verify/Pkcs7VerifyDxe/Pkcs7VerifyDxe.c +++ b/SecurityPkg/Pkcs7Verify/Pkcs7VerifyDxe/Pkcs7VerifyDxe.c 
@@ -5,7 +5,7 @@ verify data signed using PKCS7 structure. The PKCS7 data to be verified = must be ASN.1 (DER) encoded. =20 -Copyright (c) 2015, Intel Corporation. All rights reserved.
+Copyright (c) 2015 - 2017, Intel Corporation. All rights reserved.
This program and the accompanying materials are licensed and made availab= le under the terms and conditions of the BSD License which accompanies thi= s distribution. The full text of the license may be found at @@ -801,11 +8= 01,13 @@ VerifyBuffer ( IN OUT UINTN *ContentSize ) { - EFI_STATUS Status; - UINT8 *AttachedData; - UINTN AttachedDataSize; - UINT8 *DataPtr; - UINTN DataSize; + EFI_STATUS Status; + EFI_SIGNATURE_LIST *SigList; + UINTN Index; + UINT8 *AttachedData; + UINTN AttachedDataSize; + UINT8 *DataPtr; + UINTN DataSize; =20 // // Parameters Checking 
@@ -818,6 +820,58 @@ VerifyBuffer ( } =20 // + // Check if any invalid entry format in AllowedDb list contents // =20 + for (Index =3D 0; ; Index++) { + SigList =3D (EFI_SIGNATURE_LIST *)(AllowedDb[Index]); + + if (SigList =3D=3D NULL) { + break; + } + if (SigList->SignatureListSize < sizeof (EFI_SIGNATURE_LIST) + + SigList->SignatureHeaderSize + + SigList->SignatureSize) { + return EFI_ABORTED; + } + } + + // + // Check if any invalid entry format in RevokedDb list contents // =20 + if (RevokedDb !=3D NULL) { + for (Index =3D 0; ; Index++) { + SigList =3D (EFI_SIGNATURE_LIST *)(RevokedDb[Index]); + + if (SigList =3D=3D NULL) { + break; + } + if (SigList->SignatureListSize < sizeof (EFI_SIGNATURE_LIST) + + SigList->SignatureHeaderSize + + SigList->SignatureSize) { + return EFI_ABORTED; + } + } + } + + // + // Check if any invalid entry format in TimeStampDb list contents // =20 + if (TimeStampDb !=3D NULL) { + for (Index =3D 0; ; Index++) { + SigList =3D (EFI_SIGNATURE_LIST *)(TimeStampDb[Index]); + + if (SigList =3D=3D NULL) { + break; + } + if (SigList->SignatureListSize < sizeof (EFI_SIGNATURE_LIST) + + SigList->SignatureHeaderSize + + SigList->SignatureSize) { + return EFI_ABORTED; + } + } + } + + // // Try to retrieve the attached content from PKCS7 signedData // AttachedData =3D NULL; -- 2.12.2.windows.1 _______________________________________________ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel
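
Review bot: the size test added to VerifyBuffer (the same expression in the AllowedDb, RevokedDb and TimeStampDb loops) sums before it compares, so `sizeof (EFI_SIGNATURE_LIST) + SigList->SignatureHeaderSize + SigList->SignatureSize` can wrap on builds where UINTN is 32 bits, since both fields are UINT32 in EFI_SIGNATURE_LIST. A list carrying a very large SignatureHeaderSize or SignatureSize would then compare as smaller than SignatureListSize and pass. Suggest checking by subtraction instead: first require SignatureListSize >= sizeof (EFI_SIGNATURE_LIST), then that SignatureHeaderSize fits in the remainder, then that SignatureSize fits in what is left. The check also accepts SignatureSize == 0 and does not require the space after the header to be a whole number of SignatureSize entries, which matters to any later code that walks the entries. The AllowedDb loop indexes AllowedDb[Index] without the NULL guard the other two loops have; that is fine only if the parameter check above this hunk already rejects a NULL AllowedDb, which is worth confirming. Since the loop body is identical three times, a small static helper taking the list array would keep any future fix to the check in one place.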