authorAKASHI Takahiro <takahiro.akashi@linaro.org>2020-07-08 08:01:53 +0300
committerHeinrich Schuchardt <xypron.glpk@gmx.de>2020-07-12 00:14:15 +0300
commiteb537fd7eb05665a088766128eebd45b585679d3 (patch)
tree2d5d9b97d5965ad5d3a3529277d6b86cc60004dd /lib
parent1a44b7059c183a227f2fc4519df24da09d403cba (diff)
efi_loader: image_loader: retrieve authenticode only if it exists
Since the certificate table, which is indexed by IMAGE_DIRECTORY_ENTRY_SECURITY and contains authenticode in PE image, doesn't always exist, we should make sure that we will retrieve its pointer only if it exists. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Diffstat (limited to 'lib')
-rw-r--r--lib/efi_loader/efi_image_loader.c29
1 files changed, 21 insertions, 8 deletions
diff --git a/lib/efi_loader/efi_image_loader.c b/lib/efi_loader/efi_image_loader.c
index 9b01e1ec90..de230409e3 100644
--- a/lib/efi_loader/efi_image_loader.c
+++ b/lib/efi_loader/efi_image_loader.c
@@ -267,6 +267,8 @@ bool efi_image_parse(void *efi, size_t len, struct efi_image_regions **regp,
dos = (void *)efi;
nt = (void *)(efi + dos->e_lfanew);
+ authoff = 0;
+ authsz = 0;
/*
* Count maximum number of regions to be digested.
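Review bot: The zero values assigned to `authoff` and `authsz` here become the only signal that the image has no certificate table, and nothing at this point documents that. A short comment above the two assignments, for example `/* 0/0: no certificate table present in the image */`, would state the contract for the code that consumes them later in efi_image_parse(), which is outside this hunk. Whatever decides downstream whether the image carries an Authenticode signature presumably keys off `authsz == 0`, so the meaning is worth pinning down where the default is set.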
@@ -305,25 +307,36 @@ bool efi_image_parse(void *efi, size_t len, struct efi_image_regions **regp,
efi_image_region_add(regs,
&opt->DataDirectory[ctidx] + 1,
efi + opt->SizeOfHeaders, 0);
+
+ authoff = opt->DataDirectory[ctidx].VirtualAddress;
+ authsz = opt->DataDirectory[ctidx].Size;
}
bytes_hashed = opt->SizeOfHeaders;
align = opt->FileAlignment;
- authoff = opt->DataDirectory[ctidx].VirtualAddress;
- authsz = opt->DataDirectory[ctidx].Size;
} else if (nt->OptionalHeader.Magic == IMAGE_NT_OPTIONAL_HDR32_MAGIC) {
IMAGE_OPTIONAL_HEADER32 *opt = &nt->OptionalHeader;
+ /* Skip CheckSum */
efi_image_region_add(regs, efi, &opt->CheckSum, 0);
- efi_image_region_add(regs, &opt->Subsystem,
- &opt->DataDirectory[ctidx], 0);
- efi_image_region_add(regs, &opt->DataDirectory[ctidx] + 1,
- efi + opt->SizeOfHeaders, 0);
+ if (nt->OptionalHeader.NumberOfRvaAndSizes <= ctidx) {
+ efi_image_region_add(regs,
+ &opt->Subsystem,
+ efi + opt->SizeOfHeaders, 0);
+ } else {
+ /* Skip Certificates Table */
+ efi_image_region_add(regs, &opt->Subsystem,
+ &opt->DataDirectory[ctidx], 0);
+ efi_image_region_add(regs,
+ &opt->DataDirectory[ctidx] + 1,
+ efi + opt->SizeOfHeaders, 0);
+
+ authoff = opt->DataDirectory[ctidx].VirtualAddress;
+ authsz = opt->DataDirectory[ctidx].Size;
+ }
bytes_hashed = opt->SizeOfHeaders;
align = opt->FileAlignment;
- authoff = opt->DataDirectory[ctidx].VirtualAddress;
- authsz = opt->DataDirectory[ctidx].Size;
} else {
EFI_PRINT("%s: Invalid optional header magic %x\n", __func__,
nt->OptionalHeader.Magic);
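Review bot: In both the 64-bit and 32-bit branches, the new `else` arm copies `DataDirectory[ctidx].VirtualAddress` and `.Size` into `authoff`/`authsz` directly from the image. The only guard is `NumberOfRvaAndSizes`, which is a field of the same untrusted header. Nothing visible in this hunk compares the pair with `len`. Unless the part of efi_image_parse() below the hunk already does so, an overflow-safe range test such as `if (authsz && (authoff > len || authsz > len - authoff))` should reject the image before the table is dereferenced. The 32-bit arm could also test `opt->NumberOfRvaAndSizes` instead of `nt->OptionalHeader.NumberOfRvaAndSizes`, since `opt` is already in scope there. The function starts and ends outside the hunk.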