summaryrefslogtreecommitdiff
path: root/MokManager.c
diff options
context:
space:
mode:
authorGary Ching-Pang Lin <glin@suse.com>2015-06-16 11:46:14 -0400
committerPeter Jones <pjones@redhat.com>2015-06-16 11:46:14 -0400
commite9afe1f9d30c033fbda114e62e3b1d8fce485cce (patch)
tree37a7c90fd3d56bcd29ed60d6896d9651ba77b724 /MokManager.c
parent5a778db50b160b3d1c002387eada43f0e4768ab2 (diff)
downloadefi-boot-shim-e9afe1f9d30c033fbda114e62e3b1d8fce485cce.tar.gz
efi-boot-shim-e9afe1f9d30c033fbda114e62e3b1d8fce485cce.zip
MokManager: Discard the list contains an invalid signature
Signed-off-by: Gary Ching-Pang Lin <glin@suse.com>
Diffstat (limited to 'MokManager.c')
-rw-r--r--MokManager.c15
1 files changed, 5 insertions, 10 deletions
diff --git a/MokManager.c b/MokManager.c
index ef0536c3..b9475be1 100644
--- a/MokManager.c
+++ b/MokManager.c
@@ -183,10 +183,8 @@ static UINT32 count_keys(void *Data, UINTN DataSize)
}
if (!is_valid_siglist(CertList->SignatureType, CertList->SignatureSize)) {
- dbsize -= CertList->SignatureListSize;
- CertList = (EFI_SIGNATURE_LIST *) ((UINT8 *) CertList +
- CertList->SignatureListSize);
- continue;
+ console_errorbox(L"Invalid signature list found");
+ return 0;
}
MokNum++;
@@ -220,12 +218,9 @@ static MokListNode *build_mok_list(UINT32 num, void *Data, UINTN DataSize) {
FreePool(list);
return NULL;
}
- if (!is_valid_siglist(CertList->SignatureType, CertList->SignatureSize)) {
- dbsize -= CertList->SignatureListSize;
- CertList = (EFI_SIGNATURE_LIST *)((UINT8 *) CertList +
- CertList->SignatureListSize);
- continue;
- }
+
+ /* Omit the signature check here since we already did it
+ in count_keys() */
Cert = (EFI_SIGNATURE_DATA *) (((UINT8 *) CertList) +
sizeof (EFI_SIGNATURE_LIST) + CertList->SignatureHeaderSize);
generated by cgit v1.2.3 (git 2.39.1) at 2025-12-18 16:52:05 +0000