ad2aeff5ac
- Add shim-bsc1177315-verify-eku-codesign.patch to check CodeSign in the signer's EKU (bsc#1177315) - Add shim-bsc1177789-fix-null-pointer-deref-AuthenticodeVerify.patch to fix NULL pointer dereference in AuthenticodeVerify() (bsc#1177789, CVE-2019-14584) - shim-install: Support changing default shim efi binary in /usr/etc/default/shim and /etc/default/shim (bsc#1177315) - Add shim-bsc1177315-fix-buffer-use-after-free.patch to fix buffer use-after-free at the end of the EKU verification (bsc#1177315) OBS-URL: https://build.opensuse.org/request/show/845367 OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=168
32 lines
963 B
Diff
32 lines
963 B
Diff
From 928984f771e27d0a64def166bbc5137ce1859fe8 Mon Sep 17 00:00:00 2001
|
|
From: Gary Lin <glin@suse.com>
|
|
Date: Fri, 16 Oct 2020 15:24:44 +0800
|
|
Subject: [PATCH] Cryptlib/CryptAuthenticode: fix NULL pointer dereference in
|
|
AuthenticodeVerify()
|
|
|
|
Merge the fix from edk2 upstream:
|
|
https://bugzilla.tianocore.org/show_bug.cgi?id=1914
|
|
https://edk2.groups.io/g/devel/message/66309
|
|
|
|
Signed-off-by: Gary Lin <glin@suse.com>
|
|
---
|
|
Cryptlib/Pk/CryptAuthenticode.c | 2 +-
|
|
1 file changed, 1 insertion(+), 1 deletion(-)
|
|
|
|
diff --git a/Cryptlib/Pk/CryptAuthenticode.c b/Cryptlib/Pk/CryptAuthenticode.c
|
|
index 74e50a2..faa1efd 100644
|
|
--- a/Cryptlib/Pk/CryptAuthenticode.c
|
|
+++ b/Cryptlib/Pk/CryptAuthenticode.c
|
|
@@ -106,7 +106,7 @@ AuthenticodeVerify (
|
|
//
|
|
// Check if it's PKCS#7 Signed Data (for Authenticode Scenario)
|
|
//
|
|
- if (!PKCS7_type_is_signed (Pkcs7)) {
|
|
+ if (!PKCS7_type_is_signed (Pkcs7) || PKCS7_get_detached (Pkcs7)) {
|
|
goto _Exit;
|
|
}
|
|
|
|
--
|
|
2.28.0
|
|
|