diff options
| author | Heinrich Schuchardt <heinrich.schuchardt@canonical.com> | 2021-09-03 22:01:36 +0200 |
|---|---|---|
| committer | Peter Jones <pjones@redhat.com> | 2025-01-17 14:48:54 -0500 |
| commit | b560c523623bf8b32142220401de86ed44338c3d (patch) | |
| tree | 0dc2f63c53041118386851c9a7da249f4d49fc89 | |
| parent | 3e6089582206f868dc6aba828c2b5f6490ed2777 (diff) | |
| download | efi-boot-shim-b560c523623bf8b32142220401de86ed44338c3d.tar.gz efi-boot-shim-b560c523623bf8b32142220401de86ed44338c3d.zip | |
MokManager: remove redundant logical constraints
CertList->SignatureSize is of type UINT32 which is always positive.
If CertList->SignatureListSize == 0, then
CertList->SignatureListSize <= CertList->SignatureSize
is also true.
Remove the redundant CertList->SignatureListSize == 0 checks.
A message "Corrupted signature list" is better suited then
"Invalid MOK detected! Ignoring MOK List." in this case.
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
| -rw-r--r-- | MokManager.c | 9 |
1 files changed, 3 insertions, 6 deletions
diff --git a/MokManager.c b/MokManager.c index ffcd6a6e..52f5c0a0 100644 --- a/MokManager.c +++ b/MokManager.c @@ -142,17 +142,14 @@ static UINT32 count_keys(void *Data, UINTN DataSize) void *end = Data + DataSize; while ((dbsize > 0) && (dbsize >= CertList->SignatureListSize)) { - /* Use ptr arithmetics to ensure bounded access. Do not allow 0 - * SignatureListSize that will cause endless loop. */ - if ((void *)(CertList + 1) > end - || CertList->SignatureListSize == 0) { + /* Use ptr arithmetics to ensure bounded access. */ + if ((void *)(CertList + 1) > end) { console_notify (L"Invalid MOK detected! Ignoring MOK List."); return 0; } - if (CertList->SignatureListSize == 0 || - CertList->SignatureListSize <= CertList->SignatureSize) { + if (CertList->SignatureListSize <= CertList->SignatureSize) { console_errorbox(L"Corrupted signature list"); return 0; } |