[1/1] efi_loader: add missing validation of timestamp

Message ID 20200701105437.118704-1-xypron.glpk@gmx.de
State Accepted, archived
Delegated to: Heinrich Schuchardt

Commit Message

Heinrich Schuchardt July 1, 2020, 10:54 a.m. UTC
The UEFI specification requires that when UEFI variables are set using
time-based authentication we have to check that unused fields of the
timestamp are zero.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
---
 lib/efi_loader/efi_variable.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

--
2.27.0
Patch

diff --git a/lib/efi_loader/efi_variable.c b/lib/efi_loader/efi_variable.c
index 6271dbcf41..364feeec40 100644
--- a/lib/efi_loader/efi_variable.c
+++ b/lib/efi_loader/efi_variable.c
@@ -480,11 +480,15 @@  static efi_status_t efi_variable_authenticate(u16 *variable,
 	if (guidcmp(&auth->auth_info.cert_type, &efi_guid_cert_type_pkcs7))
 		goto err;

+	memcpy(&timestamp, &auth->time_stamp, sizeof(timestamp));
+	if (timestamp.pad1 || timestamp.nanosecond || timestamp.timezone ||
+	   timestamp.daylight || timestamp.pad2)
+	      goto err;
+
 	*data += sizeof(auth->time_stamp) + auth->auth_info.hdr.dwLength;
 	*data_size -= (sizeof(auth->time_stamp)
 				+ auth->auth_info.hdr.dwLength);

-	memcpy(&timestamp, &auth->time_stamp, sizeof(timestamp));
 	memset(&tm, 0, sizeof(tm));
 	tm.tm_year = timestamp.year;
 	tm.tm_mon = timestamp.month;
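
Review bot: In the added `if` block, the continuation line (`timestamp.daylight || timestamp.pad2)`) and the `goto err;` below it are indented with a tab followed by spaces, while the existing `goto err;` under the `guidcmp()` check uses two tabs. Please align the continuation with the opening parenthesis of the condition and indent `goto err;` with tabs only. A one-line comment above the check, stating that `pad1`, `nanosecond`, `timezone`, `daylight` and `pad2` are the timestamp fields the UEFI specification requires to be zero for time-based authentication, would also help: that rationale currently lives only in the commit message. Moving the `memcpy()` ahead of the `*data` / `*data_size` adjustment is the right order, since a rejected timestamp now reaches `goto err` before either value is modified.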