Hi Jiewen, Jiang, Chao,
Could you help review the change?
Best Regards
Guomin

> -----Original Message-----
> From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of Guomin Jiang
> Sent: Wednesday, April 1, 2020 9:11 AM
> To: devel@edk2.groups.io
> Cc: Yao, Jiewen <jiewen....@intel.com>; Wang, Jian J <jian.j.w...@intel.com>; Zhang, Chao B <chao.b.zh...@intel.com>
> Subject: [edk2-devel] [PATCH] SecurityPkg/MeasureBootLib: Return EFI_ACCESS_DENIED after image check fail
>
> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2652
>
> If check the File at the begin of function, it will only allow the File is present
> and forbid image from buffer.
> It is possible that image come from the memory buffer, so make it can run
> and check the File after it.
> It is improvement for 4b026f0d5af36faf3a3629a3ad49c51b5b3be12f.
>
> Cc: Jiewen Yao <jiewen....@intel.com>
> Cc: Jian J Wang <jian.j.w...@intel.com>
> Cc: Chao Zhang <chao.b.zh...@intel.com>
> Signed-off-by: Guomin Jiang <guomin.ji...@intel.com>
> --- > .../DxeTpm2MeasureBootLib/DxeTpm2MeasureBootLib.c | 14 +++++++----- > -- > .../DxeTpmMeasureBootLib/DxeTpmMeasureBootLib.c | 14 +++++++------ > - > 2 files changed, 14 insertions(+), 14 deletions(-) > > diff --git > a/SecurityPkg/Library/DxeTpm2MeasureBootLib/DxeTpm2MeasureBootLib. > c > b/SecurityPkg/Library/DxeTpm2MeasureBootLib/DxeTpm2MeasureBootLib. > c > index f0e95e5ec0..fdb4758cbe 100644 > --- > a/SecurityPkg/Library/DxeTpm2MeasureBootLib/DxeTpm2MeasureBootLib. > c > +++ > b/SecurityPkg/Library/DxeTpm2MeasureBootLib/DxeTpm2MeasureBootLib. > c
> @@ -435,13 +435,6 @@ DxeTpm2MeasureBootHandler ( > EFI_PHYSICAL_ADDRESS FvAddress; UINT32 > Index; - > //- // Check for invalid parameters.- //- if (File == NULL) {- return > EFI_ACCESS_DENIED;- }- Status = gBS->LocateProtocol > (&gEfiTcg2ProtocolGuid, NULL, (VOID **) &Tcg2Protocol); if (EFI_ERROR > (Status)) { //@@ -615,6 +608,13 @@ DxeTpm2MeasureBootHandler ( > // Status = PeCoffLoaderGetImageInfo (&ImageContext); if (EFI_ERROR > (Status)) {+ //+ // Check for invalid parameters.+ //+ if (File > == NULL) {+ > Status = EFI_ACCESS_DENIED;+ }+ // // The information can't be got > from the invalid PeImage //diff --git > a/SecurityPkg/Library/DxeTpmMeasureBootLib/DxeTpmMeasureBootLib.c > b/SecurityPkg/Library/DxeTpmMeasureBootLib/DxeTpmMeasureBootLib.c > index d499371e7a..20f7d94d6b 100644 > --- > a/SecurityPkg/Library/DxeTpmMeasureBootLib/DxeTpmMeasureBootLib.c > +++ > b/SecurityPkg/Library/DxeTpmMeasureBootLib/DxeTpmMeasureBootLib.c 
> @@ -732,13 +732,6 @@ DxeTpmMeasureBootHandler ( > EFI_PHYSICAL_ADDRESS FvAddress; UINT32 > Index; - > //- // Check for invalid parameters.- //- if (File == NULL) {- return > EFI_ACCESS_DENIED;- }- Status = gBS->LocateProtocol > (&gEfiTcgProtocolGuid, NULL, (VOID **) &TcgProtocol); if (EFI_ERROR > (Status)) { //@@ -912,6 +905,13 @@ DxeTpmMeasureBootHandler ( > // Status = PeCoffLoaderGetImageInfo (&ImageContext); if (EFI_ERROR > (Status)) {+ //+ // Check for invalid parameters.+ //+ if (File > == NULL) {+ > return EFI_ACCESS_DENIED;+ }+ // // The information can't be got > from > the invalid PeImage //-- > 2.25.1.windows.1
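
Review bot: In the first DxeTpm2MeasureBootLib.c hunk (@@ -435,13 +435,6 @@), dropping the early "if (File == NULL)" return means File may be NULL for all the code between the LocateProtocol call and the PeCoffLoaderGetImageInfo call where the check now sits. Please confirm that nothing in that range dereferences File without its own NULL guard, and state that in the commit message. The same applies to the matching removal in DxeTpmMeasureBootLib.c (@@ -732,13 +732,6 @@).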
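
Review bot: The comment "Check for invalid parameters." carried into the second DxeTpm2MeasureBootLib.c hunk (@@ -615,6 +608,13 @@) no longer describes the code. The File == NULL test now runs only inside the "if (EFI_ERROR (Status))" branch after PeCoffLoaderGetImageInfo fails, so it decides how to treat an unparseable image that has no file path, and is not parameter validation. Suggest rewording the comment to say that, and checking that the code after the existing "The information can't be got from the invalid PeImage" comment does not overwrite the "Status = EFI_ACCESS_DENIED;" set here.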
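
Review bot: The second DxeTpmMeasureBootLib.c hunk (@@ -912,6 +905,13 @@) uses "return EFI_ACCESS_DENIED;" where the equivalent DxeTpm2MeasureBootLib.c hunk uses "Status = EFI_ACCESS_DENIED;" and falls through. The two handlers should behave the same way for the same input. If the function has a common exit path that does cleanup, the direct return skips it, so prefer the Status assignment here as well, or explain in the commit message why the TPM 1.2 handler differs.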