From patchwork Thu Jun 24 20:51:07 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Nick Child X-Patchwork-Id: 1496825 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=lists.ozlabs.org (client-ip=112.213.38.117; helo=lists.ozlabs.org; envelope-from=skiboot-bounces+incoming=patchwork.ozlabs.org@lists.ozlabs.org; receiver=) Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=gmail.com header.i=@gmail.com header.a=rsa-sha256 header.s=20161025 header.b=h4lyt2g8; dkim-atps=neutral Received: from lists.ozlabs.org (lists.ozlabs.org [112.213.38.117]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4G9skz3k86z9sWc for ; Fri, 25 Jun 2021 06:52:11 +1000 (AEST) Received: from boromir.ozlabs.org (localhost [IPv6:::1]) by lists.ozlabs.org (Postfix) with ESMTP id 4G9sl01zgpz3bvp for ; Fri, 25 Jun 2021 06:52:12 +1000 (AEST) Authentication-Results: lists.ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=gmail.com header.i=@gmail.com header.a=rsa-sha256 header.s=20161025 header.b=h4lyt2g8; dkim-atps=neutral X-Original-To: skiboot@lists.ozlabs.org Delivered-To: skiboot@lists.ozlabs.org Authentication-Results: lists.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=gmail.com (client-ip=2607:f8b0:4864:20::731; helo=mail-qk1-x731.google.com; envelope-from=nnac123@gmail.com; receiver=) Authentication-Results: lists.ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=gmail.com header.i=@gmail.com header.a=rsa-sha256 header.s=20161025 header.b=h4lyt2g8; dkim-atps=neutral Received: from mail-qk1-x731.google.com (mail-qk1-x731.google.com [IPv6:2607:f8b0:4864:20::731]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by lists.ozlabs.org (Postfix) with ESMTPS id 4G9skf47tsz3093 for ; Fri, 25 Jun 2021 06:51:54 +1000 (AEST) Received: by mail-qk1-x731.google.com with SMTP id bl4so16851956qkb.8 for ; Thu, 24 Jun 2021 13:51:53 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=X7WN0X9YtiBSO5pnM5b7aq1hdWbya2KIAqTNsNQWvd4=; b=h4lyt2g8HdkUzlzF+64bs+yO/dfFhzvpy86GrYywJD84Uv2AeJbL4snAXniSWKpsBm 0bShytKgfT9xwdqDs8RtzbqfDCfeLCYab/Tf8js6EkhThR9hBrwJnFOYg/srpSxF7gF1 AKaWH5rcB8sLSkPsfiEn0lDYIlDPd78z71obcrRp+IOXhuDltawWjvNE09xaWIK+LjRb WDSU793s57dXpkTSjeoq9x8BZXbDzm4WHwR8pyo7UHUOZ3uniZmnJXx7HYmlAZvbLqHz OgoFgIGHgJ6n7KInqjtvmbnC2Dq2SafxiX9TSLDB+sb3FrCoo/p8lER229WjqweSr4ih evGg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=X7WN0X9YtiBSO5pnM5b7aq1hdWbya2KIAqTNsNQWvd4=; b=HshtJ/zbYwTswSkDyx/FRzvMOlDqQh3caQ6DsEX0uN1tVgQE6e4xxQKvpg1x4qM6qJ d4pJ0JutkRr5Sdt9vC4N7ZwBrakg7PHGN6nVZXO2kI5ubr+QVU8oQP45MkwQIWydtM+1 9ADkr75h6Q4d8t7p2vskK3pFNw2NkfoLWYxi5QITmiDWYgPzB+WyEA+p3joJ26UgIy18 grvxxQgAARVuHHjsAUMm7iD+8TnPN+8lt9+K8HpYEFbgyZ/f9bMSNrxmW9hep8od5ge9 seNa4x1Vtse8PSVcVRiNYQ61b1XF6USx/5RCd3R6IGlBI+wmWfmVH5xlMUYmsX5bfo0+ 1XWA== X-Gm-Message-State: AOAM530KD9Od38B4fCyKu5PD2kaAbP7e9fo+OmUDh0piHZ75d5WTeAjr dehVLHLIZU5mFo21MpKP0m7mZW3Z122bOfGF X-Google-Smtp-Source: ABdhPJyObweJKLuUS0AX3iUNCaG0+g2kK/sybYUClYpy0ztuQv6VqDCE8HYSVB4YhSL66GKG5TIG9w== X-Received: by 2002:a05:620a:10aa:: with SMTP id h10mr7605379qkk.377.1624567909971; Thu, 24 Jun 2021 13:51:49 -0700 (PDT) Received: from starship5.hsd1.fl.comcast.net ([2601:589:4a00:1ed0:7933:d16c:c13e:a44c]) by smtp.gmail.com with ESMTPSA id 206sm3335629qke.67.2021.06.24.13.51.48 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 24 Jun 2021 13:51:49 -0700 (PDT) From: Nick Child X-Google-Original-From: Nick Child To: skiboot@lists.ozlabs.org Date: Thu, 24 Jun 2021 16:51:07 -0400 Message-Id: <20210624205108.30907-4-nick.child@ibm.com> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20210624205108.30907-1-nick.child@ibm.com> References: <20210624205108.30907-1-nick.child@ibm.com> Subject: [Skiboot] [PATCH 3/4] secvar: return error if validate_esl has extra data X-BeenThere: skiboot@lists.ozlabs.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Mailing list for skiboot development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: nick.child@ibm.com, nayna@linux.ibm.com MIME-Version: 1.0 Errors-To: skiboot-bounces+incoming=patchwork.ozlabs.org@lists.ozlabs.org Sender: "Skiboot" Currently, in `validate_esl_list`, the return code is initialized to zero (our success value). While looping though the ESL's in the submitted ESL chain, the loop will break if there is not enough data to meet minimum ESL requirements. This condition was not setting a return code, meaning that the successful return code can pass to the end of the function if there is extra data at the end of the ESL. As a consequence, any properly signed update can successfully commit any data (as long as it is less than the min size of an ESL) to the secvars. This commit will return an error if the described condition is met. This means all data in the appended ESL of an auth file must be accounted for. No extra bytes can be added to the end since, on success, this data will become the updated secvar. Additionally, a test case has been added to ensure that this commit addresses the issue correctly. Signed-off-by: Nick Child --- libstb/secvar/backend/edk2-compat-process.c | 5 ++++- libstb/secvar/test/secvar-test-edk2-compat.c | 15 +++++++++++++++ 2 files changed, 19 insertions(+), 1 deletion(-) diff --git a/libstb/secvar/backend/edk2-compat-process.c b/libstb/secvar/backend/edk2-compat-process.c index d12d1134..5cb54c95 100644 --- a/libstb/secvar/backend/edk2-compat-process.c +++ b/libstb/secvar/backend/edk2-compat-process.c @@ -265,8 +265,11 @@ int validate_esl_list(const char *key, const char *esl, const size_t size) while (eslvarsize > 0) { prlog(PR_DEBUG, "esl var size size is %d offset is %d\n", eslvarsize, offset); - if (eslvarsize < sizeof(EFI_SIGNATURE_LIST)) + if (eslvarsize < sizeof(EFI_SIGNATURE_LIST)) { + prlog(PR_ERR, "ESL has %d unknown extra bytes\n", eslvarsize); + rc = OPAL_PARAMETER; break; + } /* Check Supported ESL Type */ list = get_esl_signature_list(esl + offset, eslvarsize); diff --git a/libstb/secvar/test/secvar-test-edk2-compat.c b/libstb/secvar/test/secvar-test-edk2-compat.c index 93ade920..0e1a8211 100644 --- a/libstb/secvar/test/secvar-test-edk2-compat.c +++ b/libstb/secvar/test/secvar-test-edk2-compat.c @@ -165,6 +165,21 @@ int run_test() ASSERT(5 == list_length(&variable_bank)); ASSERT(setup_mode); + /* Add PK with bad ESL. should fail since data is not big enough to be ESL*/ + printf("Add PK with invalid appended ESL"); + /* 1014 is length of appended ESL */ + tmp = new_secvar("PK", 3, PK_auth, PK_auth_len - 1014 + sizeof(EFI_SIGNATURE_LIST) - 1, 0); + ASSERT(0 == edk2_compat_validate(tmp)); + list_add_tail(&update_bank, &tmp->link); + ASSERT(1 == list_length(&update_bank)); + rc = edk2_compat_process(&variable_bank, &update_bank); + ASSERT(5 == list_length(&variable_bank)); + ASSERT(0 == list_length(&update_bank)); + rc = edk2_compat_post_process(&variable_bank, &update_bank); + ASSERT(5 == list_length(&variable_bank)); + ASSERT(setup_mode); + + /* Add PK to update and .process(). */ printf("Add PK"); tmp = new_secvar("PK", 3, PK_auth, PK_auth_len, 0);