From 201574d1be44ac8741294884ba26a126ae238013 Mon Sep 17 00:00:00 2001
From: Matthew Garrett <mjg@redhat.com>
Date: Thu, 1 Nov 2012 10:39:31 -0400
Subject: Fix AuthenticodeVerify loop

Cert needs to be modified inside the Index loop, not outside it. This is unlikely to
ever trigger since there will typically only be one X509 certificate per
EFI_SIGNATURE_LIST, but fix it anyway.
---
 shim.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

(limited to 'shim.c')

diff --git a/shim.c b/shim.c
index 816688e1..c038d8e1 100644
--- a/shim.c
+++ b/shim.c
@@ -232,9 +232,10 @@ static CHECK_STATUS check_db_cert_in_ram(EFI_SIGNATURE_LIST *CertList,
 							      hash, SHA256_DIGEST_SIZE);
 				if (IsFound)
 					break;
+
+				Cert = (EFI_SIGNATURE_DATA *) ((UINT8 *) Cert + CertList->SignatureSize);
 			}
 
-			Cert = (EFI_SIGNATURE_DATA *) ((UINT8 *) Cert + CertList->SignatureSize);
 		}
 
 		if (IsFound)
-- 
cgit v1.2.3