Re: [edk2-devel] [PATCH v2 10/10] SecurityPkg/DxeImageVerificationLib: change IsCertHashFoundInDatabase name(CVE-2019-14575)

Thu, 13 Feb 2020 23:47:12 -0800 

Reviewed-by: Jiewen Yao <jiewen....@intel.com>

> -----Original Message-----
> From: Wang, Jian J <jian.j.w...@intel.com>
> Sent: Friday, February 14, 2020 3:28 PM
> To: devel@edk2.groups.io
> Cc: Yao, Jiewen <jiewen....@intel.com>; Zhang, Chao B
> <chao.b.zh...@intel.com>
> Subject: [PATCH v2 10/10] SecurityPkg/DxeImageVerificationLib: change
> IsCertHashFoundInDatabase name(CVE-2019-14575)
> 
> IsCertHashFoundInDatabase() is actually used only for searching dbx,
> according to the function logic, its comments and its use cases. Changing
> it to IsCertHashFoundInDbx to avoid confusion.
> 
> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1608
> Cc: Jiewen Yao <jiewen....@intel.com>
> Cc: Chao Zhang <chao.b.zh...@intel.com>
> Signed-off-by: Jian J Wang <jian.j.w...@intel.com>
> ---
>  .../DxeImageVerificationLib/DxeImageVerificationLib.c       | 6 +++---
>  1 file changed, 3 insertions(+), 3 deletions(-)
> 
> diff --git
> a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c
> b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c
> index 0e1587bc3c..b7fa8ea8c5 100644
> --- a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c
> +++ b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c
> @@ -829,7 +829,7 @@ AddImageExeInfo (
> 
> 
>  **/
> 
>  EFI_STATUS
> 
> -IsCertHashFoundInDatabase (
> 
> +IsCertHashFoundInDbx (
> 
>    IN  UINT8               *Certificate,
> 
>    IN  UINTN               CertSize,
> 
>    IN  EFI_SIGNATURE_LIST  *SignatureList,
> 
> @@ -1362,7 +1362,7 @@ IsForbiddenByDbx (
>      //
> 
>      CertPtr = CertPtr + sizeof (UINT32) + CertSize;
> 
> 
> 
> -    Status = IsCertHashFoundInDatabase (Cert, CertSize, (EFI_SIGNATURE_LIST
> *)Data, DataSize, &RevocationTime, &IsFound);
> 
> +    Status = IsCertHashFoundInDbx (Cert, CertSize, (EFI_SIGNATURE_LIST 
> *)Data,
> DataSize, &RevocationTime, &IsFound);
> 
>      if (EFI_ERROR (Status)) {
> 
>        //
> 
>        // Error in searching dbx. Consider it as 'found'. RevocationTime might
> 
> @@ -1528,7 +1528,7 @@ IsAllowedByDb (
>              //
> 
>              // Here We still need to check if this RootCert's Hash is revoked
> 
>              //
> 
> -            Status = IsCertHashFoundInDatabase (RootCert, RootCertSize,
> (EFI_SIGNATURE_LIST *)DbxData, DbxDataSize, &RevocationTime, &IsFound);
> 
> +            Status = IsCertHashFoundInDbx (RootCert, RootCertSize,
> (EFI_SIGNATURE_LIST *)DbxData, DbxDataSize, &RevocationTime, &IsFound);
> 
>              if (EFI_ERROR (Status)) {
> 
>                //
> 
>                // Error in searching dbx. Consider it as 'found'. 
> RevocationTime might
> 
> --
> 2.24.0.windows.2


-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.

View/Reply Online (#54427): https://edk2.groups.io/g/devel/message/54427
Mute This Topic: https://groups.io/mt/71264909/21656
Group Owner: devel+ow...@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub  [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Reply via email to