Fix AuthenticodeVerify loop

Cert needs to be modified inside the Index loop, not outside it. This is unlikely to ever trigger since there will typically only be one X509 certificate per EFI_SIGNATURE_LIST, but fix it anyway.
author: Matthew Garrett <mjg@redhat.com> 2012-11-01 10:39:31 -0400
committer: Matthew Garrett <mjg@redhat.com> 2012-11-01 10:39:31 -0400
commit: cb385f19370e919921c7e1c2c54c0a2d87a20888 (patch)
tree: 000119326768ccc9d05e8a03e75857905ffad577
parent: 7a471602081dca1c825e66e4621e8c1ac9d01fd5 (diff)
download: efi-boot-shim-cb385f19370e919921c7e1c2c54c0a2d87a20888.tar.gz
efi-boot-shim-cb385f19370e919921c7e1c2c54c0a2d87a20888.zip
1 files changed, 2 insertions, 1 deletions
diff --git a/shim.c b/shim.c
index 816688e1..c038d8e1 100644
--- a/shim.c
+++ b/shim.c
@@ -232,9 +232,10 @@ static CHECK_STATUS check_db_cert_in_ram(EFI_SIGNATURE_LIST *CertList,
 							      hash, SHA256_DIGEST_SIZE);
 				if (IsFound)
 					break;
+
+				Cert = (EFI_SIGNATURE_DATA *) ((UINT8 *) Cert + CertList->SignatureSize);
 			}
 
-			Cert = (EFI_SIGNATURE_DATA *) ((UINT8 *) Cert + CertList->SignatureSize);
 		}
 
 		if (IsFound)
author	Matthew Garrett <mjg@redhat.com>	2012-11-01 10:39:31 -0400
committer	Matthew Garrett <mjg@redhat.com>	2012-11-01 10:39:31 -0400
commit	cb385f19370e919921c7e1c2c54c0a2d87a20888 (patch)
tree	000119326768ccc9d05e8a03e75857905ffad577
parent	7a471602081dca1c825e66e4621e8c1ac9d01fd5 (diff)
download	efi-boot-shim-cb385f19370e919921c7e1c2c54c0a2d87a20888.tar.gz efi-boot-shim-cb385f19370e919921c7e1c2c54c0a2d87a20888.zip