diff options
| -rw-r--r-- | shim.c | 10 |
1 files changed, 10 insertions, 0 deletions
@@ -915,6 +915,11 @@ static EFI_STATUS verify_buffer (char *data, int datasize, unsigned int size = datasize; if (context->SecDir->Size != 0) { + if (context->SecDir->Size >= size) { + perror(L"Certificate Database size is too large\n"); + return EFI_INVALID_PARAMETER; + } + cert = ImageAddress (data, size, context->SecDir->VirtualAddress); @@ -923,6 +928,11 @@ static EFI_STATUS verify_buffer (char *data, int datasize, return EFI_INVALID_PARAMETER; } + if (cert->Hdr.dwLength > context->SecDir->Size) { + perror(L"Certificate list size is inconsistent with PE headers"); + return EFI_INVALID_PARAMETER; + } + if (cert->Hdr.wCertificateType != WIN_CERT_TYPE_PKCS_SIGNED_DATA) { perror(L"Unsupported certificate type %x\n", |