Add some debugging data to the last malformed binary check...

Signed-off-by: Peter Jones <pjones@redhat.com>

1 files changed, 27 insertions, 2 deletions

diff --git a/shim.c b/shim.c
index 63a4ebd8..b79cafb9 100644
--- a/shim.c
+++ b/shim.c
@@ -920,14 +920,18 @@ static EFI_STATUS generate_hash (char *data, unsigned int datasize_in,
 		SumOfBytesHashed += Section->SizeOfRawData;
 	}
 
-	/* Hash all remaining data */
-	if (datasize > SumOfBytesHashed) {
+	/* Hash all remaining data up to SecDir if SecDir->Size is not 0 */
+	if (datasize > SumOfBytesHashed && context->SecDir->Size) {
 		hashbase = data + SumOfBytesHashed;
 		hashsize = datasize - context->SecDir->Size - SumOfBytesHashed;
 
 		if ((datasize - SumOfBytesHashed < context->SecDir->Size) ||
 		    (SumOfBytesHashed + hashsize != context->SecDir->VirtualAddress)) {
 			perror(L"Malformed binary after Attribute Certificate Table\n");
+			Print(L"datasize: %u SumOfBytesHashed: %u SecDir->Size: %lu\n",
+			      datasize, SumOfBytesHashed, context->SecDir->Size);
+			Print(L"hashsize: %u SecDir->VirtualAddress: 0x%08lx\n",
+			      hashsize, context->SecDir->VirtualAddress);
 			status = EFI_INVALID_PARAMETER;
 			goto done;
 		}
@@ -939,8 +943,29 @@ static EFI_STATUS generate_hash (char *data, unsigned int datasize_in,
 			status = EFI_OUT_OF_RESOURCES;
 			goto done;
 		}
+
+		SumOfBytesHashed += hashsize;
 	}
 
+#if 0 // we have to migrate to doing this later :/
+	/* Hash all remaining data */
+	if (datasize > SumOfBytesHashed) {
+		hashbase = data + SumOfBytesHashed;
+		hashsize = datasize - SumOfBytesHashed;
+
+		check_size(data, datasize_in, hashbase, hashsize);
+
+		if (!(Sha256Update(sha256ctx, hashbase, hashsize)) ||
+		    !(Sha1Update(sha1ctx, hashbase, hashsize))) {
+			perror(L"Unable to generate hash\n");
+			status = EFI_OUT_OF_RESOURCES;
+			goto done;
+		}
+
+		SumOfBytesHashed += hashsize;
+	}
+#endif
+
 	if (!(Sha256Final(sha256ctx, sha256hash)) ||
 	    !(Sha1Final(sha1ctx, sha1hash))) {
 		perror(L"Unable to finalise hash\n");