Fix SBAT variable content validation.

Currently, the check for the contents of the SBAT variable has an
inverted strncmp() test, causing it to delete the variable
inappropriately.

This patch fixes that check, preventing shim from always stepping on the
sbat variable, and adds test cases to validate the correct logic.

Signed-off-by: Jan Setje-Eilers <jan.setjeeilers@oracle.com>

1 files changed, 57 insertions, 0 deletions

diff --git a/test-sbat.c b/test-sbat.c
index 780e5cbe..8b94ecf0 100644
--- a/test-sbat.c
+++ b/test-sbat.c
@@ -953,6 +953,58 @@ test_parse_and_verify(void)
 }
 
 int
+test_preserve_sbat_uefi_variable_good(void)
+{
+	char sbat[] = "sbat,1,\ncomponent,2,\n";
+	size_t sbat_size = sizeof(sbat);
+	UINT32 attributes = SBAT_VAR_ATTRS;
+
+	if (preserve_sbat_uefi_variable(sbat, sbat_size, attributes))
+		return 0;
+	else
+		return -1;
+}
+
+int
+test_preserve_sbat_uefi_variable_bad_sig(void)
+{
+	char sbat[] = "bad_sig,1,\ncomponent,2,\n";
+	size_t sbat_size = sizeof(sbat);
+	UINT32 attributes = SBAT_VAR_ATTRS;
+
+	if (preserve_sbat_uefi_variable(sbat, sbat_size, attributes))
+		return -1;
+	else
+		return 0;
+}
+
+int
+test_preserve_sbat_uefi_variable_bad_attr(void)
+{
+	char sbat[] = "sbat,1,\ncomponent,2,\n";
+	size_t sbat_size = sizeof(sbat);
+	UINT32 attributes = 0;
+
+	if (preserve_sbat_uefi_variable(sbat, sbat_size, attributes))
+		return -1;
+	else
+		return 0;
+}
+
+int
+test_preserve_sbat_uefi_variable_bad_short(void)
+{
+	char sbat[] = "sba";
+	size_t sbat_size = sizeof(sbat);
+	UINT32 attributes = SBAT_VAR_ATTRS;
+
+	if (preserve_sbat_uefi_variable(sbat, sbat_size, attributes))
+		return -1;
+	else
+		return 0;
+}
+
+int
 main(void)
 {
 	int status = 0;
@@ -989,6 +1041,11 @@ main(void)
 #endif
 	test(test_parse_and_verify);
 
+	test(test_preserve_sbat_uefi_variable_good);
+	test(test_preserve_sbat_uefi_variable_bad_sig);
+	test(test_preserve_sbat_uefi_variable_bad_attr);
+	test(test_preserve_sbat_uefi_variable_bad_short);
+
 	return 0;
 }