From patchwork Tue Jun 9 05:09:37 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: AKASHI Takahiro X-Patchwork-Id: 1305563 X-Patchwork-Delegate: xypron.glpk@gmx.de Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=lists.denx.de (client-ip=2a01:238:438b:c500:173d:9f52:ddab:ee01; helo=phobos.denx.de; envelope-from=u-boot-bounces@lists.denx.de; receiver=) Authentication-Results: ozlabs.org; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=linaro.org header.i=@linaro.org header.a=rsa-sha256 header.s=google header.b=aCpd9LZe; dkim-atps=neutral Received: from phobos.denx.de (phobos.denx.de [IPv6:2a01:238:438b:c500:173d:9f52:ddab:ee01]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 49gysK4Xdkz9sRK for ; Tue, 9 Jun 2020 15:11:49 +1000 (AEST) Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id 31FC481999; Tue, 9 Jun 2020 07:10:54 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Authentication-Results: phobos.denx.de; dkim=pass (2048-bit key; unprotected) header.d=linaro.org header.i=@linaro.org header.b="aCpd9LZe"; dkim-atps=neutral Received: by phobos.denx.de (Postfix, from userid 109) id 783D9819B8; Tue, 9 Jun 2020 07:10:49 +0200 (CEST) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de X-Spam-Level: X-Spam-Status: No, score=-2.0 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,SPF_HELO_NONE,URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.2 Received: from mail-pg1-x542.google.com (mail-pg1-x542.google.com [IPv6:2607:f8b0:4864:20::542]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)) (No client certificate requested) by phobos.denx.de (Postfix) with ESMTPS id D187F8179D for ; Tue, 9 Jun 2020 07:10:45 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=takahiro.akashi@linaro.org Received: by mail-pg1-x542.google.com with SMTP id 185so9770878pgb.10 for ; Mon, 08 Jun 2020 22:10:45 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=1UCM5DUcGQ6qIM7IFllRJwUNF/qCTCRCnp0A1ZI1baU=; b=aCpd9LZezEZ5PQCaX6dXzGLBkRp4p1VZSu6/zBUeZVe1MvP4ZXnsa6IxeQO/Xldc6S nEdllsdYPvXhdex7U/UnMQ+BIGTjopTFcgbHk+x0wghg8vhfRJx29aQlBZBzMtk1DB5U F5fd47N7S4G5EtZqqtzOCC36NFCJzXT4qVMoi2vlB1PbTKgXSO7NnUK7KB1K9i4wQm1h l6/IvnZbnWynSCwi0zQOAZu7/iqBHsW325rfoFXtRnQezavr+/So6imb41xjylUJb83S Rcl5CTQ6K0ZTJXWA660820jtH6jQY3g5oqY594D3mlJO41oHjllnD7fvVX5HcOpzbjnh cgGA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=1UCM5DUcGQ6qIM7IFllRJwUNF/qCTCRCnp0A1ZI1baU=; b=pNl6lAebKWBwcmKyhMC22xM+QxjCZdZObvN6otJ2QRluRo/N4FSQ9VnMnSwuUEdfgJ /bD7kpTQ2ygf7D6s3YtRuqhGJmn68wa15VKFj4Tsrwb+NBP1T5eAtOjvoG3+zWOs0EN0 Q5eXBsFIlhPVADiJrp4DSLxMc4b6IWJL2Y4fXwb3DlG9cbZP5Kfqk6bCeC/bIoCOhc8z q+1PTbbSY3OGeWcuphvB9O27wQvIkBrjkwoNqUT2DxoHx6f+qmDv/L19y+0TfntOaBkX sAEgvYUx9Qvm99hlEXREKXZTdkXaFXgp+jLuTyGpG8AUHU2uuhu9hh3Lr0xK16Ix7tld 0FsA== X-Gm-Message-State: AOAM532hha1ECIz7oGpBQ3FdDiT3PlCKNzRgjwERCE4+toFxohyZo8m2 ZrF9Fuw2tg0gfxCPpSuiCkshLw== X-Google-Smtp-Source: ABdhPJwlJY/HOTe7rrJ4yNczjtRJzV9aJUX5hHBrbDIKmJILvkGLmRdBfEszsjwJhWm98L/MqC9EEA== X-Received: by 2002:a63:2a93:: with SMTP id q141mr22416035pgq.129.1591679444343; Mon, 08 Jun 2020 22:10:44 -0700 (PDT) Received: from localhost.localdomain (p6e421564.tkyea130.ap.so-net.ne.jp. [110.66.21.100]) by smtp.gmail.com with ESMTPSA id p11sm8958611pfq.10.2020.06.08.22.10.41 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 08 Jun 2020 22:10:43 -0700 (PDT) From: AKASHI Takahiro To: xypron.glpk@gmx.de, agraf@csgraf.de Cc: sughosh.ganu@linaro.org, mail@patrick-wildt.de, u-boot@lists.denx.de, AKASHI Takahiro Subject: [PATCH v2 07/17] efi_loader: image_loader: retrieve authenticode only if it exists Date: Tue, 9 Jun 2020 14:09:37 +0900 Message-Id: <20200609050947.17861-8-takahiro.akashi@linaro.org> X-Mailer: git-send-email 2.27.0 In-Reply-To: <20200609050947.17861-1-takahiro.akashi@linaro.org> References: <20200609050947.17861-1-takahiro.akashi@linaro.org> MIME-Version: 1.0 X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.30rc1 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.102.2 at phobos.denx.de X-Virus-Status: Clean Since the certificate table, which is indexed by IMAGE_DIRECTORY_ENTRY_SECURITY and contains authenticode in PE image, doesn't always exist, we should make sure that we will retrieve its pointer only if it exists. Signed-off-by: AKASHI Takahiro --- lib/efi_loader/efi_image_loader.c | 29 +++++++++++++++++++++-------- 1 file changed, 21 insertions(+), 8 deletions(-) diff --git a/lib/efi_loader/efi_image_loader.c b/lib/efi_loader/efi_image_loader.c index 38b2c24ab1d6..a617693fe651 100644 --- a/lib/efi_loader/efi_image_loader.c +++ b/lib/efi_loader/efi_image_loader.c @@ -268,6 +268,8 @@ bool efi_image_parse(void *efi, size_t len, struct efi_image_regions **regp, dos = (void *)efi; nt = (void *)(efi + dos->e_lfanew); + authoff = 0; + authsz = 0; /* * Count maximum number of regions to be digested. @@ -306,25 +308,36 @@ bool efi_image_parse(void *efi, size_t len, struct efi_image_regions **regp, efi_image_region_add(regs, &opt->DataDirectory[ctidx] + 1, efi + opt->SizeOfHeaders, 0); + + authoff = opt->DataDirectory[ctidx].VirtualAddress; + authsz = opt->DataDirectory[ctidx].Size; } bytes_hashed = opt->SizeOfHeaders; align = opt->FileAlignment; - authoff = opt->DataDirectory[ctidx].VirtualAddress; - authsz = opt->DataDirectory[ctidx].Size; } else if (nt->OptionalHeader.Magic == IMAGE_NT_OPTIONAL_HDR32_MAGIC) { IMAGE_OPTIONAL_HEADER32 *opt = &nt->OptionalHeader; + /* Skip CheckSum */ efi_image_region_add(regs, efi, &opt->CheckSum, 0); - efi_image_region_add(regs, &opt->Subsystem, - &opt->DataDirectory[ctidx], 0); - efi_image_region_add(regs, &opt->DataDirectory[ctidx] + 1, - efi + opt->SizeOfHeaders, 0); + if (nt->OptionalHeader.NumberOfRvaAndSizes <= ctidx) { + efi_image_region_add(regs, + &opt->Subsystem, + efi + opt->SizeOfHeaders, 0); + } else { + /* Skip Certificates Table */ + efi_image_region_add(regs, &opt->Subsystem, + &opt->DataDirectory[ctidx], 0); + efi_image_region_add(regs, + &opt->DataDirectory[ctidx] + 1, + efi + opt->SizeOfHeaders, 0); + + authoff = opt->DataDirectory[ctidx].VirtualAddress; + authsz = opt->DataDirectory[ctidx].Size; + } bytes_hashed = opt->SizeOfHeaders; align = opt->FileAlignment; - authoff = opt->DataDirectory[ctidx].VirtualAddress; - authsz = opt->DataDirectory[ctidx].Size; } else { EFI_PRINT("%s: Invalid optional header magic %x\n", __func__, nt->OptionalHeader.Magic);