Mirrors/u-boot
2
0
Fork 0
mirror of https://github.com/AsahiLinux/u-boot synced 2025-02-17 22:49:02 +00:00
Code Issues Projects Releases Packages Wiki Activity

efi_loader: add missing validation of timestamp

Browse source 
The UEFI specification requires that when UEFI variables are set using time
based authentication we have to check that unused fields of the timestamp
are zero

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
This commit is contained in:
Heinrich Schuchardt 2020-07-01 12:44:00 +02:00
parent ae54b946ca
commit 33f183f68b
1 changed files with 5 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
lib/efi_loader/efi_variable.c
View file

@ -481,11 +481,15 @@ static efi_status_t efi_variable_authenticate(u16 *variable,
if (guidcmp(&auth->auth_info.cert_type, &efi_guid_cert_type_pkcs7))
goto err;
memcpy(&timestamp, &auth->time_stamp, sizeof(timestamp));
if (timestamp.pad1 || timestamp.nanosecond || timestamp.timezone ||
timestamp.daylight || timestamp.pad2)
goto err;
*data += sizeof(auth->time_stamp) + auth->auth_info.hdr.dwLength;
*data_size -= (sizeof(auth->time_stamp)
+ auth->auth_info.hdr.dwLength);
memcpy(&timestamp, &auth->time_stamp, sizeof(timestamp));
memset(&tm, 0, sizeof(tm));
tm.tm_year = timestamp.year;
tm.tm_mon = timestamp.month;