From: Marvin Häuser
To: devel@edk2.groups.io
Cc: Jiewen Yao, Jian J Wang, Min Xu, Vitaly Cheptsov
Subject: [PATCH v2 1/2] SecurityPkg/DxeImageVerificationLib: Fix certificate lookup algorithm
Date: Mon, 9 Aug 2021 09:51:23 +0000
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

The current certificate lookup code does not check the bounds of the
authentication data before accessing it. Abort if the header cannot fit.

Also, the lookup code aborts once the authentication data is smaller than
an algorithm's OID size. As OIDs are variably-sized, this may cause
unexpected authentication failure due to the early error-exit.

Additionally move the two-byte encoding check out of the loop as the data
is invariant.

Cc: Jiewen Yao
Cc: Jian J Wang
Cc: Min Xu
Cc: Vitaly Cheptsov
Signed-off-by: Marvin Häuser
--- SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c | 43= +++++++++++--------- 1 file changed, 23 insertions(+), 20 deletions(-) diff --git a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificati= onLib.c b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationL= ib.c index c48861cd6496..6615099baafb 100644 --- a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c +++ b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c
@@ -624,30 +624,33 @@ HashPeImageByType ( {=0D UINT8 Index;=0D =0D + if (AuthDataSize < 32) {=0D + return EFI_UNSUPPORTED;=0D + }=0D + //=0D + // Check the Hash algorithm in PE/COFF Authenticode.=0D + // According to PKCS#7 Definition:=0D + // SignedData ::=3D SEQUENCE {=0D + // version Version,=0D + // digestAlgorithms DigestAlgorithmIdentifiers,=0D + // contentInfo ContentInfo,=0D + // .... }=0D + // The DigestAlgorithmIdentifiers can be used to determine the hash a= lgorithm in PE/COFF hashing=0D + // This field has the fixed offset (+32) in final Authenticode ASN.1 = data.=0D + // Fixed offset (+32) is calculated based on two bytes of length enco= ding.=0D + //=0D + if ((*(AuthData + 1) & TWO_BYTE_ENCODE) !=3D TWO_BYTE_ENCODE) {=0D + //=0D + // Only support two bytes of Long Form of Length Encoding.=0D + //=0D + return EFI_UNSUPPORTED;=0D + }=0D +=0D for (Index =3D 0; Index < HASHALG_MAX; Index++) {=0D - //=0D - // Check the Hash algorithm in PE/COFF Authenticode.=0D - // According to PKCS#7 Definition:=0D - // SignedData ::=3D SEQUENCE {=0D - // version Version,=0D - // digestAlgorithms DigestAlgorithmIdentifiers,=0D - // contentInfo ContentInfo,=0D - // .... }=0D - // The DigestAlgorithmIdentifiers can be used to determine the hash= algorithm in PE/COFF hashing=0D - // This field has the fixed offset (+32) in final Authenticode ASN.= 1 data.=0D - // Fixed offset (+32) is calculated based on two bytes of length en= coding.=0D - //=0D - if ((*(AuthData + 1) & TWO_BYTE_ENCODE) !=3D TWO_BYTE_ENCODE) {=0D - //=0D - // Only support two bytes of Long Form of Length Encoding.=0D - //=0D + if (AuthDataSize - 32 < mHash[Index].OidLength) {=0D continue;=0D }=0D =0D - if (AuthDataSize < 32 + mHash[Index].OidLength) {=0D - return EFI_UNSUPPORTED;=0D - }=0D -=0D if (CompareMem (AuthData + 32, mHash[Index].OidValue, mHash[Index].Oid= Length) =3D=3D 0) {=0D break;=0D }=0D --=20 2.31.1
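
Review bot: The new loop condition `AuthDataSize - 32 < mHash[Index].OidLength` is only safe from unsigned wrap-around because of the `AuthDataSize < 32` guard added at the top of the hunk, and nothing in the code ties the two together. The literal 32 now appears in three places (the guard, the subtraction, and `AuthData + 32` in the CompareMem call), so a later edit to one of them could silently reintroduce an out-of-bounds read or a wrapped size. Consider a named constant for the offset and a one-line comment on the guard stating that it protects both the `*(AuthData + 1)` read and the later subtraction; at present the explanatory comment block sits after the guard and only describes the encoding check. Separately, the two-byte encoding check used to `continue` on every iteration and so fell out of the loop with Index equal to HASHALG_MAX, whereas it now does `return EFI_UNSUPPORTED` directly. The code after the loop is not visible in this hunk, so please confirm that the no-match path returned the same status before, or mention the changed exit path in the commit message.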