From: rbacik@gmail.com
X-Google-Original-From: roman.bacik@broadcom.com
To: edk2-devel@lists.01.org
Cc: Laszlo Ersek, Jiewen Yao, Vladimir Olovyannikov, Chao Zhang
Date: Tue, 10 Jul 2018 15:51:05 -0700
Message-Id: <20180710225105.28443-1-roman.bacik@broadcom.com>
Subject: [edk2] [PATCH v2] SecurityPkg: Fix assert when setting key from eMMC/SD/USB

From: Roman Bacik

When secure boot is enabled, if one loads keys from a FAT formatted eMMC/SD/USB when trying to provision PK/KEK/DB keys via the menu, an assert in StrLen() occurs. This is because the filename starts on an odd address, which is not a uint16 aligned boundary: https://bugzilla.tianocore.org/show_bug.cgi?id=1003

Cc: Chao Zhang
Cc: Jiewen Yao
Cc: Laszlo Ersek
Cc: Vladimir Olovyannikov
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Roman Bacik
--- SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigFile= Explorer.c | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) diff --git a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBo= otConfigFileExplorer.c b/SecurityPkg/VariableAuthenticated/SecureBootConfig= Dxe/SecureBootConfigFileExplorer.c index 1b6f88804275..19b13a5569a6 100644 --- a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfi= gFileExplorer.c +++ b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfi= gFileExplorer.c @@ -123,6 +123,8 @@ OpenFileByDevicePath( EFI_FILE_PROTOCOL *Handle1; EFI_FILE_PROTOCOL *Handle2; EFI_HANDLE DeviceHandle; + CHAR16 *PathName; + UINTN PathLength; =20 if ((FilePath =3D=3D NULL || FileHandle =3D=3D NULL)) { return EFI_INVALID_PARAMETER; @@ -173,6 +175,11 @@ OpenFileByDevicePath( // Handle2 =3D Handle1; Handle1 =3D NULL; + PathLength =3D DevicePathNodeLength(*FilePath) - sizeof(EFI_DEVICE_PAT= H_PROTOCOL); + PathName =3D AllocateCopyPool(PathLength, ((FILEPATH_DEVICE_PATH*)*Fil= ePath)->PathName); + if (PathName =3D=3D NULL) { + return EFI_OUT_OF_RESOURCES; + } =20 // // Try to test opening an existing file @@ -180,7 +187,7 @@ OpenFileByDevicePath( Status =3D Handle2->Open ( Handle2, &Handle1, - ((FILEPATH_DEVICE_PATH*)*FilePath)->PathName, + PathName, OpenMode &~EFI_FILE_MODE_CREATE, 0 );
@@ -192,7 +199,7 @@ OpenFileByDevicePath( Status =3D Handle2->Open ( Handle2, &Handle1, - ((FILEPATH_DEVICE_PATH*)*FilePath)->PathName, + PathName, OpenMode, Attributes ); @@ -202,6 +209,8 @@ OpenFileByDevicePath( // Handle2->Close (Handle2); =20 + FreePool (PathName); + if (EFI_ERROR(Status)) { return (Status); } --=20 2.17.1
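
Review bot: In the @@ -173,6 +175,11 @@ hunk, the new "return EFI_OUT_OF_RESOURCES;" exits right after "Handle2 = Handle1;" without calling Handle2->Close (Handle2), so the open file handle leaks whenever AllocateCopyPool() fails; close Handle2 before returning. The same lines compute PathLength as DevicePathNodeLength(*FilePath) - sizeof(EFI_DEVICE_PATH_PROTOCOL) with no check that the node is at least header-sized or that the copied name ends in a CHAR16 NUL within PathLength, so a malformed node would wrap the UINTN or let Open() read past the pool buffer; validate both before the copy. A one-line comment saying the copy exists to hand Open() a CHAR16-aligned string would keep the reason next to the code, and both new calls need the space before "(" that FreePool (PathName) already uses.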