From mboxrd@z Thu Jan  1 00:00:00 1970
From: Takahiro Akashi <takahiro.akashi@linaro.org>
Date: Fri, 17 Jul 2020 11:10:02 +0900
Subject: [PATCH v3 7/8] efi_loader: signature: rework for intermediate
In-Reply-To: <829b39d9703e4a5db2c99fc200a0e189@external.thalesgroup.com>
References: <829b39d9703e4a5db2c99fc200a0e189@external.thalesgroup.com>
Message-ID: <20200717021002.GA28078@laputa>
List-Id: <u-boot.lists.denx.de>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
To: u-boot@lists.denx.de

On Thu, Jul 16, 2020 at 11:39:36AM +0000, REITHER Robert - Contractor wrote:
> Hi,
> 
> I think I have found a bug in
> lib/efi_loader/efi_signature.c
> 
> efi_verify_certificate()
> 
> +                                             cert = x509_cert_parse(sig_data->data, sig_data->size);
> +                                             if (!cert) {
> +                                                            EFI_PRINT("Cannot parse x509 certificate\n");
> +                                                            continue;
> +                                             }
> 
> 
> x509_cert_parse() not only returns a pointer, but also embed a linux error_code, so if an error happens there, the (!cert) check will fail!
> 
> I suggest using:
> 
> -                                              if (!cert) {
> +                                            if (IS_ERR(cert)) {

That's correct.
Can you post a fix patch, please?

# There was the same problem with pkcs7_parse_message(),
# and I have fixed it before.

Thanks,
-Takahiro Akashi

> 
> Regards
> Robert