[PATCH v3 7/8] efi_loader: signature: rework for intermediate

public inbox for u-boot@lists.denx.de
 help / color / mirror / Atom feed

* [PATCH v3 7/8] efi_loader: signature: rework for intermediate
@ 2020-07-16 11:39 REITHER Robert - Contractor
  2020-07-17  2:10 ` Takahiro Akashi
  0 siblings, 1 reply; 2+ messages in thread
From: REITHER Robert - Contractor @ 2020-07-16 11:39 UTC (permalink / raw)
  To: u-boot

Hi,

I think I have found a bug in
lib/efi_loader/efi_signature.c

efi_verify_certificate()

+                                             cert = x509_cert_parse(sig_data->data, sig_data->size);
+                                             if (!cert) {
+                                                            EFI_PRINT("Cannot parse x509 certificate\n");
+                                                            continue;
+                                             }


x509_cert_parse() not only returns a pointer, but also embed a linux error_code, so if an error happens there, the (!cert) check will fail!

I suggest using:

-                                              if (!cert) {
+                                            if (IS_ERR(cert)) {


Regards
Robert

^ permalink raw reply	[flat|nested] 2+ messages in thread

* [PATCH v3 7/8] efi_loader: signature: rework for intermediate
  2020-07-16 11:39 [PATCH v3 7/8] efi_loader: signature: rework for intermediate REITHER Robert - Contractor
@ 2020-07-17  2:10 ` Takahiro Akashi
  0 siblings, 0 replies; 2+ messages in thread
From: Takahiro Akashi @ 2020-07-17  2:10 UTC (permalink / raw)
  To: u-boot

On Thu, Jul 16, 2020 at 11:39:36AM +0000, REITHER Robert - Contractor wrote:
> Hi,
> 
> I think I have found a bug in
> lib/efi_loader/efi_signature.c
> 
> efi_verify_certificate()
> 
> +                                             cert = x509_cert_parse(sig_data->data, sig_data->size);
> +                                             if (!cert) {
> +                                                            EFI_PRINT("Cannot parse x509 certificate\n");
> +                                                            continue;
> +                                             }
> 
> 
> x509_cert_parse() not only returns a pointer, but also embed a linux error_code, so if an error happens there, the (!cert) check will fail!
> 
> I suggest using:
> 
> -                                              if (!cert) {
> +                                            if (IS_ERR(cert)) {

That's correct.
Can you post a fix patch, please?

# There was the same problem with pkcs7_parse_message(),
# and I have fixed it before.

Thanks,
-Takahiro Akashi

> 
> Regards
> Robert

^ permalink raw reply	[flat|nested] 2+ messages in thread

end of thread, other threads:[~2020-07-17  2:10 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2020-07-16 11:39 [PATCH v3 7/8] efi_loader: signature: rework for intermediate REITHER Robert - Contractor
2020-07-17  2:10 ` Takahiro Akashi

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox