Update upstream source from tag 'upstream/15+1613861442.888f5b5'

Update to upstream version '15+1613861442.888f5b5' with Debian dir 15b0853a73144b1f8571ce2bebc2eea68af4a8e3
author: Steve McIntyre <93sam@debian.org> 2021-02-21 13:46:16 +0000
committer: Steve McIntyre <93sam@debian.org> 2021-02-21 13:46:16 +0000
commit: 2a55644555e3c9bb1d948ab817b047123c1dcfd9 (patch)
tree: f3c68875b270405a4cf93cec1b9aa5fb567e0c48 /lib/variables.c
parent: 379f0954e0632f29f5154a0157a046ef20053121 (diff)
parent: 888f5b544b7cce3cdae8074aa617b1d4add271a1 (diff)
download: efi-boot-shim-2a55644555e3c9bb1d948ab817b047123c1dcfd9.tar.gz
efi-boot-shim-2a55644555e3c9bb1d948ab817b047123c1dcfd9.zip
1 files changed, 60 insertions, 36 deletions
diff --git a/lib/variables.c b/lib/variables.c
index 9c2e7d0a..0431d4a2 100644
--- a/lib/variables.c
+++ b/lib/variables.c
@@ -1,22 +1,13 @@
+// SPDX-License-Identifier: BSD-2-Clause-Patent
 /*
  * Copyright 2012 <James.Bottomley@HansenPartnership.com>
  *
- * see COPYING file
- *
  * Portions of this file are a direct cut and paste from Tianocore
  * (http://tianocore.sf.net)
  *
  *  SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.c
  *
  * Copyright (c) 2011 - 2012, Intel Corporation. All rights reserved.<BR>
- * This program and the accompanying materials
- * are licensed and made available under the terms and conditions of the BSD License
- * which accompanies this distribution.  The full text of the license may be found
- * at
- * http://opensource.org/licenses/bsd-license.php
- *
- * THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
- * WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
  *
  */
 #include <efi.h>
@@ -25,33 +16,60 @@
 #include "shim.h"
 
 EFI_STATUS
-variable_create_esl(void *cert, int cert_len, EFI_GUID *type, EFI_GUID *owner,
-		    void **out, int *outlen)
+fill_esl(const uint8_t *data, const size_t data_len,
+	 const EFI_GUID *type, const EFI_GUID *owner,
+	 uint8_t *out, size_t *outlen)
 {
-	*outlen = cert_len + sizeof(EFI_SIGNATURE_LIST) + sizeof(EFI_GUID);
+	EFI_SIGNATURE_LIST *sl;
+	EFI_SIGNATURE_DATA *sd;
+	size_t needed = 0;
 
-	*out = AllocateZeroPool(*outlen);
-	if (!*out)
-		return EFI_OUT_OF_RESOURCES;
+	if (!data || !data_len || !type || !outlen)
+		return EFI_INVALID_PARAMETER;
 
-	EFI_SIGNATURE_LIST *sl = *out;
+	needed = sizeof(EFI_SIGNATURE_LIST) + sizeof(EFI_GUID) + data_len;
+	if (!out || *outlen < needed) {
+		*outlen = needed;
+		return EFI_BUFFER_TOO_SMALL;
+	}
+
+	*outlen = needed;
+	sl = (EFI_SIGNATURE_LIST *)out;
 
 	sl->SignatureHeaderSize = 0;
 	sl->SignatureType = *type;
-	sl->SignatureSize = cert_len + sizeof(EFI_GUID);
-	sl->SignatureListSize = *outlen;
-
-	EFI_SIGNATURE_DATA *sd = *out + sizeof(EFI_SIGNATURE_LIST);
+	sl->SignatureSize = sizeof(EFI_GUID) + data_len;
+	sl->SignatureListSize = needed;
 
+	sd = (EFI_SIGNATURE_DATA *)(out + sizeof(EFI_SIGNATURE_LIST));
 	if (owner)
 		sd->SignatureOwner = *owner;
 
-	CopyMem(sd->SignatureData, cert, cert_len);
+	CopyMem(sd->SignatureData, data, data_len);
 
 	return EFI_SUCCESS;
 }
 
 EFI_STATUS
+variable_create_esl(const uint8_t *data, const size_t data_len,
+		    const EFI_GUID *type, const EFI_GUID *owner,
+		    uint8_t **out, size_t *outlen)
+{
+	EFI_STATUS efi_status;
+
+	*outlen = 0;
+	efi_status = fill_esl(data, data_len, type, owner, NULL, outlen);
+	if (efi_status != EFI_BUFFER_TOO_SMALL)
+		return efi_status;
+
+	*out = AllocateZeroPool(*outlen);
+	if (!*out)
+		return EFI_OUT_OF_RESOURCES;
+
+	return fill_esl(data, data_len, type, owner, *out, outlen);
+}
+
+EFI_STATUS
 CreateTimeBasedPayload(IN OUT UINTN * DataSize, IN OUT UINT8 ** Data)
 {
 	EFI_STATUS efi_status;
@@ -123,8 +141,8 @@ CreateTimeBasedPayload(IN OUT UINTN * DataSize, IN OUT UINT8 ** Data)
 }
 
 EFI_STATUS
-SetSecureVariable(CHAR16 *var, UINT8 *Data, UINTN len, EFI_GUID owner,
-		  UINT32 options, int createtimebased)
+SetSecureVariable(const CHAR16 * const var, UINT8 *Data, UINTN len,
+		  EFI_GUID owner, UINT32 options, int createtimebased)
 {
 	EFI_SIGNATURE_LIST *Cert;
 	UINTN DataSize;
@@ -137,9 +155,9 @@ SetSecureVariable(CHAR16 *var, UINT8 *Data, UINTN len, EFI_GUID owner,
 		return EFI_SECURITY_VIOLATION;
 
 	if (createtimebased) {
-		int ds;
+		size_t ds;
 		efi_status = variable_create_esl(Data, len, &X509_GUID, NULL,
-						 (void **)&Cert, &ds);
+						 (uint8_t **)&Cert, &ds);
 		if (EFI_ERROR(efi_status)) {
 			console_print(L"Failed to create %s certificate %d\n",
 				      var, efi_status);
@@ -159,7 +177,7 @@ SetSecureVariable(CHAR16 *var, UINT8 *Data, UINTN len, EFI_GUID owner,
 		return efi_status;
 	}
 
-	efi_status = gRT->SetVariable(var, &owner,
+	efi_status = gRT->SetVariable((CHAR16 *)var, &owner,
 			EFI_VARIABLE_NON_VOLATILE |
 			EFI_VARIABLE_RUNTIME_ACCESS |
 			EFI_VARIABLE_BOOTSERVICE_ACCESS |
@@ -204,34 +222,39 @@ SETOSIndicationsAndReboot(UINT64 indications)
 }
 
 EFI_STATUS
-get_variable_attr(CHAR16 *var, UINT8 **data, UINTN *len, EFI_GUID owner,
-		  UINT32 *attributes)
+get_variable_attr(const CHAR16 * const var, UINT8 **data, UINTN *len,
+		  EFI_GUID owner, UINT32 *attributes)
 {
 	EFI_STATUS efi_status;
 
 	*len = 0;
 
-	efi_status = gRT->GetVariable(var, &owner, NULL, len, NULL);
+	efi_status = gRT->GetVariable((CHAR16 *)var, &owner, NULL, len, NULL);
 	if (efi_status != EFI_BUFFER_TOO_SMALL) {
 		if (!EFI_ERROR(efi_status)) /* this should never happen */
 			return EFI_PROTOCOL_ERROR;
 		return efi_status;
 	}
 
-	*data = AllocateZeroPool(*len);
+	/*
+	 * Add three zero pad bytes; at least one correctly aligned UCS-2
+	 * character.
+	 */
+	*data = AllocateZeroPool(*len + 3);
 	if (!*data)
 		return EFI_OUT_OF_RESOURCES;
 
-	efi_status = gRT->GetVariable(var, &owner, attributes, len, *data);
+	efi_status = gRT->GetVariable((CHAR16 *)var, &owner, attributes, len, *data);
 	if (EFI_ERROR(efi_status)) {
 		FreePool(*data);
 		*data = NULL;
 	}
+
 	return efi_status;
 }
 
 EFI_STATUS
-get_variable(CHAR16 *var, UINT8 **data, UINTN *len, EFI_GUID owner)
+get_variable(const CHAR16 * const var, UINT8 **data, UINTN *len, EFI_GUID owner)
 {
 	return get_variable_attr(var, data, len, owner, NULL);
 }
@@ -254,7 +277,8 @@ find_in_esl(UINT8 *Data, UINTN DataSize, UINT8 *key, UINTN keylen)
 }
 
 EFI_STATUS
-find_in_variable_esl(CHAR16* var, EFI_GUID owner, UINT8 *key, UINTN keylen)
+find_in_variable_esl(const CHAR16 * const var, EFI_GUID owner, UINT8 *key,
+		     UINTN keylen)
 {
 	UINTN DataSize = 0;
 	UINT8 *Data = NULL;
@@ -305,7 +329,7 @@ variable_is_secureboot(void)
 }
 
 EFI_STATUS
-variable_enroll_hash(CHAR16 *var, EFI_GUID owner,
+variable_enroll_hash(const CHAR16 * const var, EFI_GUID owner,
 		     UINT8 hash[SHA256_DIGEST_SIZE])
 {
 	EFI_STATUS efi_status;
@@ -330,7 +354,7 @@ variable_enroll_hash(CHAR16 *var, EFI_GUID owner,
 		efi_status = SetSecureVariable(var, sig, sizeof(sig), owner,
 					       EFI_VARIABLE_APPEND_WRITE, 0);
 	else
-		efi_status = gRT->SetVariable(var, &owner,
+		efi_status = gRT->SetVariable((CHAR16 *)var, &owner,
 					      EFI_VARIABLE_NON_VOLATILE |
 					      EFI_VARIABLE_BOOTSERVICE_ACCESS |
 					      EFI_VARIABLE_APPEND_WRITE,
author	Steve McIntyre <93sam@debian.org>	2021-02-21 13:46:16 +0000
committer	Steve McIntyre <93sam@debian.org>	2021-02-21 13:46:16 +0000
commit	2a55644555e3c9bb1d948ab817b047123c1dcfd9 (patch)
tree	f3c68875b270405a4cf93cec1b9aa5fb567e0c48 /lib/variables.c
parent	379f0954e0632f29f5154a0157a046ef20053121 (diff)
parent	888f5b544b7cce3cdae8074aa617b1d4add271a1 (diff)
download	efi-boot-shim-2a55644555e3c9bb1d948ab817b047123c1dcfd9.tar.gz efi-boot-shim-2a55644555e3c9bb1d948ab817b047123c1dcfd9.zip