From patchwork Wed Jul 1 10:54:37 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Heinrich Schuchardt X-Patchwork-Id: 1321047 X-Patchwork-Delegate: xypron.glpk@gmx.de Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=lists.denx.de (client-ip=2a01:238:438b:c500:173d:9f52:ddab:ee01; helo=phobos.denx.de; envelope-from=u-boot-bounces@lists.denx.de; receiver=) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=gmx.de Authentication-Results: ozlabs.org; dkim=pass (1024-bit key; secure) header.d=gmx.net header.i=@gmx.net header.a=rsa-sha256 header.s=badeba3b8450 header.b=bubIN6On; dkim-atps=neutral Received: from phobos.denx.de (phobos.denx.de [IPv6:2a01:238:438b:c500:173d:9f52:ddab:ee01]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 49y9zS47xxz9sR4 for ; Thu, 2 Jul 2020 18:21:24 +1000 (AEST) Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id 19BEB81B6E; Thu, 2 Jul 2020 10:18:17 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=none (p=none dis=none) header.from=gmx.de Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Authentication-Results: phobos.denx.de; dkim=pass (1024-bit key; secure) header.d=gmx.net header.i=@gmx.net header.b="bubIN6On"; dkim-atps=neutral Received: by phobos.denx.de (Postfix, from userid 109) id F1AEA8006D; Wed, 1 Jul 2020 12:54:50 +0200 (CEST) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,FREEMAIL_FROM,RCVD_IN_MSPIKE_H2,SPF_HELO_NONE,URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.2 Received: from mout.gmx.net (mout.gmx.net [212.227.17.21]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) (No client certificate requested) by phobos.denx.de (Postfix) with ESMTPS id 26AD28006D for ; Wed, 1 Jul 2020 12:54:48 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=none (p=none dis=none) header.from=gmx.de Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=xypron.glpk@gmx.de DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=gmx.net; s=badeba3b8450; t=1593600886; bh=nrFP85msPesLctpGL4ztO2mSbNDzKXxRhM0p6+12YUo=; h=X-UI-Sender-Class:From:To:Cc:Subject:Date; b=bubIN6OngNGgzKkTvbNRlqcIHcuGs9q8zDS0a3hmE9RqQMObuT8USz81hpG4IP3bT MvFoUYnowbigRKs8x9W0SXZZ8DPMlWaU/l9JAeFEUhjvQggkMHBROiWsPgQbAgBxrn 4OBperocbfKp02kN+LtAj28Fjs4lGCB4kLAb28rg= X-UI-Sender-Class: 01bb95c1-4bf8-414a-932a-4f6e2808ef9c Received: from workstation5.fritz.box ([88.152.145.75]) by mail.gmx.com (mrgmx104 [212.227.17.174]) with ESMTPSA (Nemesis) id 1N5mKJ-1ilFsL2I39-017DE3; Wed, 01 Jul 2020 12:54:46 +0200 From: Heinrich Schuchardt To: Alexander Graf Cc: AKASHI Takahiro , u-boot@lists.denx.de, Heinrich Schuchardt Subject: [PATCH 1/1] efi_loader: add missing validation of timestamp Date: Wed, 1 Jul 2020 12:54:37 +0200 Message-Id: <20200701105437.118704-1-xypron.glpk@gmx.de> X-Mailer: git-send-email 2.27.0 MIME-Version: 1.0 X-Provags-ID: V03:K1:G1CIiZ0mhEBvxLSct4WZHKd41BvwMVLozgjaJkycX1D4xYBiUo9 CME9sFlvGl+QjHYN7hKv/lfGsJtOJqZseVeO+cLwxG+nf5C1R+94Pj9xtkj1XFl8Gcl88JN mMNUvOYbjgO1gjxCs7psIpdvQuqXItMrK5nIPQO+vJnZPtMZyFjPza/njm8Cj5tgWZD4lDr 6K/Ti1z9nlEUGhp9ycufg== X-UI-Out-Filterresults: notjunk:1;V03:K0:AM+5lQwrMH4=:0eQZQ7A8wCmq9DYwFodeeB kte+aCLOoJ2oatQf7brvKe4NblTbgk+1loHxzp9ifH8Wlpf9CaorPl7aANlMKBOHkvxB5DWUE M32h3h/vJCFwEQSnd3ycPOMda803kT7KAPJ3/yxJmDt881wCVtW90GcheZX4HGdELsalYJdGm RSwWiXeZM1t2OFBNCqb+j8AvEZPlcNEAxRgi/Up+B+aJSE62G2Yg4pr4mzM3/npHE9nSzZtF0 iqjZ0Y0KpRXHjYUeIrFMVR2Ly5LM1/TI7PLpQd5oBe/z/i/E+tERYoVu3BFK5M4Xo4sQbcshO vRm1Az8cyO5uzk0DrQbp+q90ePtrZ3Y4q0D2WRenmlBwWRvZ4mLJrgbod8XwP+lHU3Q8npFEl sub3ciXGIysKPak73FkNpeXTlGyIaaUmXp4IoPFy6mF2FCV8YndAWQ4pcMb0M7bfSm1d7Z0KR Y3tHmP/mkkKd9Nz3M7mRqwrGo/lAvJc3oWx7KHxbtNPEI9iANliEJIseKvF5SU0spQ6zcIxi1 to5hv+OL/M9TOyzg7kYiZdgoUXq7x/lXfyoObNpAiwWO5RfQvmaVN30wMOxkopRU+La0UEiXY UM2bnEGpuAa8N0toMznAb/bKjwvShmYPQZanN1yUMrQbz/yp7010pqG3Dz2nAqoMWxLXUifUX HuLOf07YazuAGfWDCgAhzde15mpZhKOTzx0Dmnsu8EQN1cp9eV5XAkF+vz3C/eCS9d15sCvgt 6yySh9wnC5NY02b3iHITv9V5Vh7FWeUJxV5pQqgoVi8CbMrQgsxhev8w9W1Xv++wHIMymwJtN MNDbGQr7sLX4n3UWLSjCUABtpVDNzagWbCVz3q7Zk61nHoQBvpawyDhuhjBKq2vX4HUKz01Dw nmAR6hAYd4jN6zlECyGJKYynw/iggiIouh1vPoiqW2qZKKuALbmIAycr9PLuyQcKK2uCSW7Up YZ2z4IyUjGw2jnQ/rwhMVJ9+I0ESEzVqqyb6dmUl49nOxiLPNd8b2AO6Q5UM6YpaJ/YwCIMtY iOHUxpsvgcBLqxcP8wxKu0SzxIR9atdmVjE2HO49ZsAnWyJuHnzIytlfCe9+vcvmU/YPBsVqv svOn1jj1A0384uj1XvrLJPPWNAfCZTh2fe0Ih3cPrv+JgwpQ8iLPgUR9M1qOFr2qPKiHXX1xp BlGAOFKCLh6fq4P1OAk/vSLuwDn8bRWojdTdIRFRkUb+2EB9i4rlFllC/V44Jvk8RJ5Ipgnxs EwtCPxyoQLLuY8yMvpeOTQR3ur9le7ZEt+xS3HA== X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.34 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.102.3 at phobos.denx.de X-Virus-Status: Clean The UEFI specification requires that when UEFI variables are set using time based authentication we have to check that unused fields of the timestamp are zero Signed-off-by: Heinrich Schuchardt --- lib/efi_loader/efi_variable.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) -- 2.27.0 diff --git a/lib/efi_loader/efi_variable.c b/lib/efi_loader/efi_variable.c index 6271dbcf41..364feeec40 100644 --- a/lib/efi_loader/efi_variable.c +++ b/lib/efi_loader/efi_variable.c @@ -480,11 +480,15 @@ static efi_status_t efi_variable_authenticate(u16 *variable, if (guidcmp(&auth->auth_info.cert_type, &efi_guid_cert_type_pkcs7)) goto err; + memcpy(×tamp, &auth->time_stamp, sizeof(timestamp)); + if (timestamp.pad1 || timestamp.nanosecond || timestamp.timezone || + timestamp.daylight || timestamp.pad2) + goto err; + *data += sizeof(auth->time_stamp) + auth->auth_info.hdr.dwLength; *data_size -= (sizeof(auth->time_stamp) + auth->auth_info.hdr.dwLength); - memcpy(×tamp, &auth->time_stamp, sizeof(timestamp)); memset(&tm, 0, sizeof(tm)); tm.tm_year = timestamp.year; tm.tm_mon = timestamp.month;