Fix AuthenticodeVerify loop

Cert needs to be modified inside the Index loop, not outside it. This is unlikely to ever trigger since there will typically only be one X509 certificate per EFI_SIGNATURE_LIST, but fix it anyway.
author: Matthew Garrett <mjg@redhat.com> 2012-11-01 10:39:31 -0400
committer: Matthew Garrett <mjg@redhat.com> 2012-11-01 10:39:31 -0400
commit: 201574d1be44ac8741294884ba26a126ae238013 (patch)
tree: 000119326768ccc9d05e8a03e75857905ffad577
parent: 058c0368adf2de0369be090a0996785e55ce1477 (diff)
download: efi-boot-shim-201574d1be44ac8741294884ba26a126ae238013.tar.gz
efi-boot-shim-201574d1be44ac8741294884ba26a126ae238013.zip
1 files changed, 2 insertions, 1 deletions
diff --git a/shim.c b/shim.c
index 816688e1..c038d8e1 100644
--- a/shim.c
+++ b/shim.c
@@ -232,9 +232,10 @@ static CHECK_STATUS check_db_cert_in_ram(EFI_SIGNATURE_LIST *CertList,
 							      hash, SHA256_DIGEST_SIZE);
 				if (IsFound)
 					break;
+
+				Cert = (EFI_SIGNATURE_DATA *) ((UINT8 *) Cert + CertList->SignatureSize);
 			}
 
-			Cert = (EFI_SIGNATURE_DATA *) ((UINT8 *) Cert + CertList->SignatureSize);
 		}
 
 		if (IsFound)
author	Matthew Garrett <mjg@redhat.com>	2012-11-01 10:39:31 -0400
committer	Matthew Garrett <mjg@redhat.com>	2012-11-01 10:39:31 -0400
commit	201574d1be44ac8741294884ba26a126ae238013 (patch)
tree	000119326768ccc9d05e8a03e75857905ffad577
parent	058c0368adf2de0369be090a0996785e55ce1477 (diff)
download	efi-boot-shim-201574d1be44ac8741294884ba26a126ae238013.tar.gz efi-boot-shim-201574d1be44ac8741294884ba26a126ae238013.zip