From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from us-smtp-1.mimecast.com (us-smtp-1.mimecast.com [205.139.110.120]) by mx.groups.io with SMTP id smtpd.web11.3480.1581075469817522465 for ; Fri, 07 Feb 2020 03:37:50 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=AAO2Tib2; spf=pass (domain: redhat.com, ip: 205.139.110.120, mailfrom: lersek@redhat.com) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1581075468; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=yS6/a82jLiZmiuSNvwZkYMyUIskFrplkyIDGVoDH5w0=; b=AAO2Tib2HyBHQpYUtUB3mzzTN9DddB0FpH/hGltM/nDGvQC7E+RyRk3raSqSkaQt+MkS6x 8E1VekOqIWsqZTJLJ+y11ot8k+SIUZPm3/Xl/YctY1GW92ge+5paiwf49VoUGxY/PbYcwj jQ66bLmoMSfz8LTy4WRAxq25sWR/nZM= Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-432-TLCzYp2dOAi361uyPvEdcQ-1; Fri, 07 Feb 2020 06:37:44 -0500 Received: from smtp.corp.redhat.com (int-mx07.intmail.prod.int.phx2.redhat.com [10.5.11.22]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id 9ABB2A0CCB; Fri, 7 Feb 2020 11:37:43 +0000 (UTC) Received: from lacos-laptop-7.usersys.redhat.com (ovpn-117-138.ams2.redhat.com [10.36.117.138]) by smtp.corp.redhat.com (Postfix) with ESMTP id A8F76100194E; Fri, 7 Feb 2020 11:37:39 +0000 (UTC) Subject: Re: [edk2-devel] [PATCH v2 1/1] SecurityPkg: Fix incorrect return value when File is NULL To: devel@edk2.groups.io, philmd@redhat.com Cc: Jiewen Yao , Jian J Wang , Chao Zhang References: <20200207000433.32666-1-philmd@redhat.com> <20200207000433.32666-2-philmd@redhat.com> From: "Laszlo Ersek" Message-ID: Date: Fri, 7 Feb 2020 12:37:38 +0100 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.9.1 MIME-Version: 1.0 In-Reply-To: <20200207000433.32666-2-philmd@redhat.com> X-Scanned-By: MIMEDefang 2.84 on 10.5.11.22 X-MC-Unique: TLCzYp2dOAi361uyPvEdcQ-1 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Content-Language: en-US Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable On 02/07/20 01:04, Philippe Mathieu-Daud=C3=A9 wrote: > The DxeTpmMeasureBootHandler and DxeTpm2MeasureBootHandler handlers > are SECURITY2_FILE_AUTHENTICATION_HANDLER prototype. This prototype > can not return EFI_INVALID_PARAMETER. >=20 > The prototype documentation states it returns EFI_ACCESS_DENIED if: >=20 > "The file specified by File and FileBuffer did not authenticate, > and the platform policy dictates that the DXE Foundation may not > use File." >=20 > Correct the documentation, and add a early check, returning > EFI_ACCESS_DENIED when File is NULL. >=20 > Noticed while reviewing commit 6d57592740cdd0b6868baeef7929d6e6fef. >=20 > Cc: Jiewen Yao > Cc: Jian J Wang > Cc: Chao Zhang > Signed-off-by: Philippe Mathieu-Daude > --- > .../DxeTpm2MeasureBootLib/DxeTpm2MeasureBootLib.c | 9 ++++++++- > .../Library/DxeTpmMeasureBootLib/DxeTpmMeasureBootLib.c | 9 ++++++++- > 2 files changed, 16 insertions(+), 2 deletions(-) >=20 > diff --git a/SecurityPkg/Library/DxeTpm2MeasureBootLib/DxeTpm2MeasureBoot= Lib.c b/SecurityPkg/Library/DxeTpm2MeasureBootLib/DxeTpm2MeasureBootLib.c > index 04b9b0d7fbf3..cabc0c6c7556 100644 > --- a/SecurityPkg/Library/DxeTpm2MeasureBootLib/DxeTpm2MeasureBootLib.c > +++ b/SecurityPkg/Library/DxeTpm2MeasureBootLib/DxeTpm2MeasureBootLib.c > @@ -384,7 +384,7 @@ Tcg2MeasurePeImage ( > and other exception operations. The File parameter allows for possibl= e logging > within the SAP of the driver. > =20 > - If File is NULL, then EFI_INVALID_PARAMETER is returned. > + If File is NULL, then EFI_ACCESS_DENIED is returned. > =20 > If the file specified by File with an authentication status specified = by > AuthenticationStatus is safe for the DXE Core to use, then EFI_SUCCESS= is returned. > @@ -435,6 +435,13 @@ DxeTpm2MeasureBootHandler ( > EFI_PHYSICAL_ADDRESS FvAddress; > UINT32 Index; > =20 > + // > + // Check for invalid parameters. > + // > + if (File =3D=3D NULL) { > + return EFI_ACCESS_DENIED; > + } > + > Status =3D gBS->LocateProtocol (&gEfiTcg2ProtocolGuid, NULL, (VOID **)= &Tcg2Protocol); > if (EFI_ERROR (Status)) { > // > diff --git a/SecurityPkg/Library/DxeTpmMeasureBootLib/DxeTpmMeasureBootLi= b.c b/SecurityPkg/Library/DxeTpmMeasureBootLib/DxeTpmMeasureBootLib.c > index 1f2eed29a1df..dfaaa0f0b332 100644 > --- a/SecurityPkg/Library/DxeTpmMeasureBootLib/DxeTpmMeasureBootLib.c > +++ b/SecurityPkg/Library/DxeTpmMeasureBootLib/DxeTpmMeasureBootLib.c > @@ -678,7 +678,7 @@ TcgMeasurePeImage ( > and other exception operations. The File parameter allows for possibl= e logging > within the SAP of the driver. > =20 > - If File is NULL, then EFI_INVALID_PARAMETER is returned. > + If File is NULL, then EFI_ACCESS_DENIED is returned. > =20 > If the file specified by File with an authentication status specified = by > AuthenticationStatus is safe for the DXE Core to use, then EFI_SUCCESS= is returned. > @@ -732,6 +732,13 @@ DxeTpmMeasureBootHandler ( > EFI_PHYSICAL_ADDRESS FvAddress; > UINT32 Index; > =20 > + // > + // Check for invalid parameters. > + // > + if (File =3D=3D NULL) { > + return EFI_ACCESS_DENIED; > + } > + > Status =3D gBS->LocateProtocol (&gEfiTcgProtocolGuid, NULL, (VOID **) = &TcgProtocol); > if (EFI_ERROR (Status)) { > // >=20 Reviewed-by: Laszlo Ersek