[edk2] [PATCH] SecurityPkg/AuthVariableLib: Fix ptr bad arithmetic.

chenc2 posted 1 patch 7 years, 2 months ago
Failed in applying to current master (apply log)
SecurityPkg/Library/AuthVariableLib/AuthService.c | 14 ++++++++++----
1 file changed, 10 insertions(+), 4 deletions(-)
[edk2] [PATCH] SecurityPkg/AuthVariableLib: Fix ptr bad arithmetic.
Posted by chenc2 7 years, 2 months ago
Use variable instead of sizeof(UINT8) and sizeof(UINT32) to
avoid bad arithmetic of pointer.

Cc: chenc2 <chen.a.chen@intel.com>
Cc: Wu Hao A <hao.a.wu@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Cc: Zhang Chao B <chao.b.zhang@intel.com>
---
 SecurityPkg/Library/AuthVariableLib/AuthService.c | 14 ++++++++++----
 1 file changed, 10 insertions(+), 4 deletions(-)

diff --git a/SecurityPkg/Library/AuthVariableLib/AuthService.c b/SecurityPkg/Library/AuthVariableLib/AuthService.c
index 7188ff6008..d6387d5ea6 100644
--- a/SecurityPkg/Library/AuthVariableLib/AuthService.c
+++ b/SecurityPkg/Library/AuthVariableLib/AuthService.c
@@ -2289,6 +2289,8 @@ VerifyTimeBasedPayload (
   UINT8                            *CertsInCertDb;
   UINT32                           CertsSizeinDb;
   UINT8                            Sha256Digest[SHA256_DIGEST_SIZE];
+  UINTN                            Offset1;
+  UINTN                            Offset2;
 
   //
   // 1. TopLevelCert is the top-level issuer certificate in signature Signer Cert Chain
@@ -2559,9 +2561,11 @@ VerifyTimeBasedPayload (
         //
         // Check hash of signer cert CommonName + Top-level issuer tbsCertificate against data in CertDb
         //
+        Offset1 = sizeof (UINT8) + sizeof (UINT32);
+        Offset2 = sizeof (UINT8);
         Status = CalculatePrivAuthVarSignChainSHA256Digest(
-                   SignerCerts + sizeof(UINT8) + sizeof(UINT32),
-                   ReadUnaligned32 ((UINT32 *)(SignerCerts + sizeof(UINT8))),
+                   SignerCerts + Offset1,
+                   ReadUnaligned32 ((UINT32 *)(SignerCerts + Offset2)),
                    TopLevelCert,
                    TopLevelCertSize,
                    Sha256Digest
@@ -2596,12 +2600,14 @@ VerifyTimeBasedPayload (
       //
       // When adding a new common authenticated variable, always save Hash of cn of signer cert + tbsCertificate of Top-level issuer
       //
+      Offset1 = sizeof (UINT8) + sizeof (UINT32);
+      Offset2 = sizeof (UINT8);
       Status = InsertCertsToDb (
                  VariableName,
                  VendorGuid,
                  Attributes,
-                 SignerCerts + sizeof(UINT8) + sizeof(UINT32),
-                 ReadUnaligned32 ((UINT32 *)(SignerCerts + sizeof(UINT8))),
+                 SignerCerts + Offset1,
+                 ReadUnaligned32 ((UINT32 *)(SignerCerts + Offset2)),
                  TopLevelCert,
                  TopLevelCertSize
                  );
-- 
2.13.2.windows.1

_______________________________________________
edk2-devel mailing list
edk2-devel@lists.01.org
https://lists.01.org/mailman/listinfo/edk2-devel
Re: [edk2] [PATCH] SecurityPkg/AuthVariableLib: Fix ptr bad arithmetic.
Posted by Laszlo Ersek 7 years, 2 months ago
On 10/16/17 10:43, chenc2 wrote:
> Use variable instead of sizeof(UINT8) and sizeof(UINT32) to
> avoid bad arithmetic of pointer.
> 
> Cc: chenc2 <chen.a.chen@intel.com>
> Cc: Wu Hao A <hao.a.wu@intel.com>
> Contributed-under: TianoCore Contribution Agreement 1.1
> Signed-off-by: Cc: Zhang Chao B <chao.b.zhang@intel.com>
> ---
>  SecurityPkg/Library/AuthVariableLib/AuthService.c | 14 ++++++++++----
>  1 file changed, 10 insertions(+), 4 deletions(-)
> 
> diff --git a/SecurityPkg/Library/AuthVariableLib/AuthService.c b/SecurityPkg/Library/AuthVariableLib/AuthService.c
> index 7188ff6008..d6387d5ea6 100644
> --- a/SecurityPkg/Library/AuthVariableLib/AuthService.c
> +++ b/SecurityPkg/Library/AuthVariableLib/AuthService.c
> @@ -2289,6 +2289,8 @@ VerifyTimeBasedPayload (
>    UINT8                            *CertsInCertDb;
>    UINT32                           CertsSizeinDb;
>    UINT8                            Sha256Digest[SHA256_DIGEST_SIZE];
> +  UINTN                            Offset1;
> +  UINTN                            Offset2;
>  
>    //
>    // 1. TopLevelCert is the top-level issuer certificate in signature Signer Cert Chain
> @@ -2559,9 +2561,11 @@ VerifyTimeBasedPayload (
>          //
>          // Check hash of signer cert CommonName + Top-level issuer tbsCertificate against data in CertDb
>          //
> +        Offset1 = sizeof (UINT8) + sizeof (UINT32);
> +        Offset2 = sizeof (UINT8);
>          Status = CalculatePrivAuthVarSignChainSHA256Digest(
> -                   SignerCerts + sizeof(UINT8) + sizeof(UINT32),
> -                   ReadUnaligned32 ((UINT32 *)(SignerCerts + sizeof(UINT8))),
> +                   SignerCerts + Offset1,
> +                   ReadUnaligned32 ((UINT32 *)(SignerCerts + Offset2)),
>                     TopLevelCert,
>                     TopLevelCertSize,
>                     Sha256Digest
> @@ -2596,12 +2600,14 @@ VerifyTimeBasedPayload (
>        //
>        // When adding a new common authenticated variable, always save Hash of cn of signer cert + tbsCertificate of Top-level issuer
>        //
> +      Offset1 = sizeof (UINT8) + sizeof (UINT32);
> +      Offset2 = sizeof (UINT8);
>        Status = InsertCertsToDb (
>                   VariableName,
>                   VendorGuid,
>                   Attributes,
> -                 SignerCerts + sizeof(UINT8) + sizeof(UINT32),
> -                 ReadUnaligned32 ((UINT32 *)(SignerCerts + sizeof(UINT8))),
> +                 SignerCerts + Offset1,
> +                 ReadUnaligned32 ((UINT32 *)(SignerCerts + Offset2)),
>                   TopLevelCert,
>                   TopLevelCertSize
>                   );
> 

I don't understand how this patch makes any difference.

Thanks
Laszlo
_______________________________________________
edk2-devel mailing list
edk2-devel@lists.01.org
https://lists.01.org/mailman/listinfo/edk2-devel