generate_hash(): make check_size() set an error, and verify SecDir size. - efi-boot-shim.git - (mirror of https://github.com/vyos/efi-boot-shim.git)

diff options

author	Peter Jones <pjones@redhat.com>	2016-10-17 16:16:17 -0400
committer	Peter Jones <pjones@redhat.com>	2017-02-06 11:16:24 -0500
commit	03b9f800b99b2f980e13fbc994d14bd8ec340c41 (patch)
tree	1fbbf350568671b101d0a0da6ad2cae91a8ed9e3 /tpm.c
parent	431d893b41c53f6a022031ca0cc66fd298e0e472 (diff)
download	efi-boot-shim-03b9f800b99b2f980e13fbc994d14bd8ec340c41.tar.gz efi-boot-shim-03b9f800b99b2f980e13fbc994d14bd8ec340c41.zip

generate_hash(): make check_size() set an error, and verify SecDir size.

Currently generate_hash() attempts to include any trailing data at the end of the binary in the resulting digest, but it won't include such data if the size computed is wrong because context->SecDir->Size is invalid. In this case the return code is EFI_SUCCESS, and the hash will match any a binary as if the Attribute Certificate Table and anything after it are missing. This is wrong. Signed-off-by: Peter Jones <pjones@redhat.com>

Diffstat (limited to 'tpm.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: