| author | Peter Jones <pjones@redhat.com> | 2025-02-25 11:44:11 -0500 |
|---|---|---|
| committer | Peter Jones <pjones@redhat.com> | 2025-02-25 19:40:54 -0500 |
| commit | 3bce11831343ba6e67740f23ab3a6c6f09bc0bca (patch) | |
| tree | 53a2fd99cb66cb0cd51e6bcc80d3fa0223e61699 /pe-relocate.c | |
| parent | 1baf1efb37e2728104765477b12b70aeef3090af (diff) | |
pe: read_header(): allow skipping SecDir content validation

When we're parsing the PE header of shim itself from the Loaded Image
object, the signatures aren't present, but the Certificate Table entry
in the Data Directory has not been cleared, so it'll fail verification.
We know when we're doing that, so this patch makes that test optional.

Signed-off-by: Peter Jones <pjones@redhat.com>
Diffstat (limited to 'pe-relocate.c')
| -rw-r--r-- | pe-relocate.c | 12 |
1 files changed, 8 insertions, 4 deletions
diff --git a/pe-relocate.c b/pe-relocate.c index bde71729..b436d3ec 100644 --- a/pe-relocate.c +++ b/pe-relocate.c @@ -368,7 +368,8 @@ image_is_loadable(EFI_IMAGE_OPTIONAL_HEADER_UNION *PEHdr) */ EFI_STATUS read_header(void *data, unsigned int datasize, - PE_COFF_LOADER_IMAGE_CONTEXT *context) + PE_COFF_LOADER_IMAGE_CONTEXT *context, + bool check_secdir) { EFI_IMAGE_DOS_HEADER *DosHdr = data; EFI_IMAGE_OPTIONAL_HEADER_UNION *PEHdr = data; @@ -542,9 +543,12 @@ read_header(void *data, unsigned int datasize, return EFI_UNSUPPORTED; } - if (context->SecDir->VirtualAddress > datasize || - (context->SecDir->VirtualAddress == datasize && - context->SecDir->Size > 0)) { + if (check_secdir && + (context->SecDir->VirtualAddress > datasize || + (context->SecDir->VirtualAddress == datasize && + context->SecDir->Size > 0))) { + dprint(L"context->SecDir->VirtualAddress:0x%llx context->SecDir->Size:0x%llx datasize:0x%llx\n", + context->SecDir->VirtualAddress, context->SecDir->Size, datasize); perror(L"Malformed security header\n"); return EFI_INVALID_PARAMETER; } |
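Review bot: In the first hunk (the read_header() prototype), the new check_secdir parameter is not documented; the comment block that closes just above EFI_STATUS is left unchanged. Please add a line there stating that false is only appropriate when parsing shim's own header from the Loaded Image object, as the commit message describes, and that every other caller must pass true. A bare bool is also hard to read at call sites, so a named flag or a short comment at each call would help whoever audits which paths skip the check.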
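Review bot: In the second hunk (the SecDir bounds test), when check_secdir is false the function returns with context->SecDir still pointing at a VirtualAddress and Size that were never compared against datasize, so any later consumer of the context that trusts those fields can index past the buffer. Consider recording in the context that SecDir was not validated, or documenting that such a context must never be used for signature lookup. Separately, the added dprint passes datasize, declared unsigned int in the prototype, to a %llx conversion; cast the arguments to unsigned long long or use a matching 32-bit specifier, and check the two SecDir fields the same way.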
