From: AKASHI Takahiro Date: Wed, 8 Jul 2020 05:01:54 +0000 (+0900) Subject: efi_loader: signature: fix a size check against revocation list X-Git-Url: http://git.dujemihanovic.xyz/img/%7B%7B%20%24style.RelPermalink%20%7D%7D?a=commitdiff_plain;h=36b2f9da5ccd38581c80098b0cad6dd1a9224705;p=u-boot.git efi_loader: signature: fix a size check against revocation list Since the size check against an entry in efi_search_siglist() is incorrect, this function will never find out a to-be-matched certificate and its associated revocation time in the signature list. Signed-off-by: AKASHI Takahiro --- diff --git a/lib/efi_loader/efi_signature.c b/lib/efi_loader/efi_signature.c index e05c471c61..cd2df46264 100644 --- a/lib/efi_loader/efi_signature.c +++ b/lib/efi_loader/efi_signature.c @@ -433,10 +433,11 @@ static bool efi_search_siglist(struct x509_certificate *cert, * time64_t revocation_time; * }; */ - if ((sig_data->size == SHA256_SUM_LEN) && - !memcmp(sig_data->data, hash, SHA256_SUM_LEN)) { + if ((sig_data->size >= SHA256_SUM_LEN + sizeof(time64_t)) && + !memcmp(sig_data->data, msg, SHA256_SUM_LEN)) { memcpy(revoc_time, sig_data->data + SHA256_SUM_LEN, sizeof(*revoc_time)); + EFI_PRINT("revocation time: 0x%llx\n", *revoc_time); found = true; goto out; }
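Review bot: in the rewritten condition of efi_search_siglist(), the memcmp() operand changes from hash to msg, but the commit message only describes the size check; please say in the message why the compared buffer changes, or split that into its own patch, since it alters which digest is matched against the revocation entry. On the size test in the same condition, sig_data->size >= SHA256_SUM_LEN + sizeof(time64_t) also accepts entries longer than hash plus revocation time and silently ignores the trailing bytes; if the entry layout in the comment above is fixed-size, an exact == comparison would reject malformed entries instead. In the added EFI_PRINT, consider casting *revoc_time to match the 0x%llx format so the debug line stays correct regardless of how time64_t is defined.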