The KeyLibGenerateSalt function fails to check the return values of the RandomSeed and RandomBytes function calls. The SavePasswordToVariable function also fails to check the status returned by its call to KeyLibGenerateSalt.
Added a status check for all the above mentioned function's
Signed-off-by: V V Pranav <pranav....@intel.com>
---
 .../UserAuthenticationDxeSmm/KeyService.c | 8 ++++++--
 .../UserAuthenticationDxeSmm/UserAuthenticationSmm.c | 6 +++++-
 2 files changed, 11 insertions(+), 3 deletions(-)
diff --git a/Features/Intel/UserInterface/UserAuthFeaturePkg/UserAuthenticationDxeSmm/KeyService.c b/Features/Intel/UserInterface/UserAuthFeaturePkg/UserAuthenticationDxeSmm/KeyService.c
index 8b06e58ca5..f0a537e707 100644
--- a/Features/Intel/UserInterface/UserAuthFeaturePkg/UserAuthenticationDxeSmm/KeyService.c
+++ b/Features/Intel/UserInterface/UserAuthFeaturePkg/UserAuthenticationDxeSmm/KeyService.c
@@ -78,8 +78,12 @@ KeyLibGenerateSalt (
 if (SaltValue == NULL) {
 return FALSE;
 }
- RandomSeed(NULL, 0);
- RandomBytes(SaltValue, SaltSize);
+ if (!RandomSeed(NULL, 0)) {
+ return FALSE;
+ }
+ if (!RandomBytes(SaltValue, SaltSize)) {
+ return FALSE;
+ }
 return TRUE;
 }
diff --git a/Features/Intel/UserInterface/UserAuthFeaturePkg/UserAuthenticationDxeSmm/UserAuthenticationSmm.c b/Features/Intel/UserInterface/UserAuthFeaturePkg/UserAuthenticationDxeSmm/UserAuthenticationSmm.c
index 98f40c1812..1efae70e38 100644
--- a/Features/Intel/UserInterface/UserAuthFeaturePkg/UserAuthenticationDxeSmm/UserAuthenticationSmm.c
+++ b/Features/Intel/UserInterface/UserAuthFeaturePkg/UserAuthenticationDxeSmm/UserAuthenticationSmm.c
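Review bot: The salt in KeyLibGenerateSalt still comes from a generator seeded with `RandomSeed(NULL, 0)`, so the new return-value checks confirm only that the calls succeeded, not that any fresh entropy went in. As far as I know BaseCryptLib falls back to its built-in default seed when the seed argument is NULL, so it is worth confirming that the crypto library instance linked into this SMM driver mixes in a real entropy source; otherwise salts may repeat across boots. The added calls also omit the space before the opening parenthesis that the file uses elsewhere (`KeyLibGenerateSalt (`), e.g. `if (!RandomSeed (NULL, 0)) {`. The function's header comment lies outside this hunk; if it lists return values, it should now say that FALSE is also returned when seeding or random-byte generation fails.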
@@ -221,12 +221,16 @@ SavePasswordToVariable (
 EFI_STATUS Status;
 USER_PASSWORD_VAR_STRUCT UserPasswordVarStruct;
 BOOLEAN HashOk;
+ BOOLEAN KeyLibGenerateSaltOk;
 //
 // If password is NULL, it means we want to clean password field saved in variable region.
 //
 if (Password != NULL) {
- KeyLibGenerateSalt (UserPasswordVarStruct.PasswordSalt, sizeof(UserPasswordVarStruct.PasswordSalt));
+ KeyLibGenerateSaltOk = KeyLibGenerateSalt (UserPasswordVarStruct.PasswordSalt, sizeof(UserPasswordVarStruct.PasswordSalt));
+ if (!KeyLibGenerateSaltOk) {
+ return EFI_NOT_FOUND;
+ }
 HashOk = KeyLibGeneratePBKDF2Hash (
 HASH_TYPE_SHA256,
 (UINT8 *)Password,
-- 
2.39.1.windows.1
-=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#117023): https://edk2.groups.io/g/devel/message/117023 Mute This Topic: https://groups.io/mt/105079487/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
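Review bot: `return EFI_NOT_FOUND;` reports a salt-generation failure with a status that callers of SavePasswordToVariable are likely to read as "no stored password" rather than "the random generator failed". A status such as `return EFI_DEVICE_ERROR;` would describe the condition more accurately, and it should match whatever the `HashOk` failure path returns, which lies outside this hunk. The extra local is also not needed; `if (!KeyLibGenerateSalt (UserPasswordVarStruct.PasswordSalt, sizeof (UserPasswordVarStruct.PasswordSalt))) {` keeps the check next to the call. The function body starts and ends outside the hunk, so how the status reaches the SMM caller cannot be confirmed from here.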