From nobody Sun May  5 11:30:45 2024
Delivered-To: importer@patchew.org
Authentication-Results: mx.zohomail.com;
	spf=none (zoho.com: 198.145.21.10 is neither permitted nor denied by domain
 of lists.01.org)  smtp.mailfrom=edk2-devel-bounces@lists.01.org
Return-Path: <edk2-devel-bounces@lists.01.org>
Received: from ml01.01.org (ml01.01.org [198.145.21.10]) by mx.zohomail.com
	with SMTPS id 1508143441427382.8223385276914;
 Mon, 16 Oct 2017 01:44:01 -0700 (PDT)
Received: from [127.0.0.1] (localhost [IPv6:::1])
	by ml01.01.org (Postfix) with ESMTP id 461C3202E6160;
	Mon, 16 Oct 2017 01:40:25 -0700 (PDT)
Received: from mga11.intel.com (mga11.intel.com [192.55.52.93])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (No client certificate requested)
 by ml01.01.org (Postfix) with ESMTPS id ABFFA202E5C97
 for <edk2-devel@lists.01.org>; Mon, 16 Oct 2017 01:40:23 -0700 (PDT)
Received: from fmsmga004.fm.intel.com ([10.253.24.48])
 by fmsmga102.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384;
 16 Oct 2017 01:43:57 -0700
Received: from chenche4.ccr.corp.intel.com ([10.239.158.36])
 by fmsmga004.fm.intel.com with ESMTP; 16 Oct 2017 01:43:56 -0700
X-Original-To: edk2-devel@lists.01.org
Received-SPF: none (zoho.com: 198.145.21.10 is neither permitted nor denied by
 domain of lists.01.org) client-ip=198.145.21.10;
 envelope-from=edk2-devel-bounces@lists.01.org; helo=ml01.01.org;
Received-SPF: Pass (sender SPF authorized) identity=mailfrom;
 client-ip=192.55.52.93; helo=mga11.intel.com;
 envelope-from=chen.a.chen@intel.com; receiver=edk2-devel@lists.01.org
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="5.43,386,1503385200"; d="scan'208";a="323684022"
From: chenc2 <chen.a.chen@intel.com>
To: edk2-devel@lists.01.org
Date: Mon, 16 Oct 2017 16:43:53 +0800
Message-Id: <20171016084353.10212-1-chen.a.chen@intel.com>
X-Mailer: git-send-email 2.13.2.windows.1
Subject: [edk2] [PATCH] SecurityPkg/AuthVariableLib: Fix ptr bad arithmetic.
X-BeenThere: edk2-devel@lists.01.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: EDK II Development  <edk2-devel.lists.01.org>
List-Unsubscribe: <https://lists.01.org/mailman/options/edk2-devel>,
 <mailto:edk2-devel-request@lists.01.org?subject=unsubscribe>
List-Archive: <http://lists.01.org/pipermail/edk2-devel/>
List-Post: <mailto:edk2-devel@lists.01.org>
List-Help: <mailto:edk2-devel-request@lists.01.org?subject=help>
List-Subscribe: <https://lists.01.org/mailman/listinfo/edk2-devel>,
 <mailto:edk2-devel-request@lists.01.org?subject=subscribe>
Cc: Wu Hao A <hao.a.wu@intel.com>,
 "Cc : Zhang Chao B" <chao.b.zhang@intel.com>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Errors-To: edk2-devel-bounces@lists.01.org
Sender: "edk2-devel" <edk2-devel-bounces@lists.01.org>
X-ZohoMail: RSF_4  Z_629925259 SPT_0
Content-Type: text/plain; charset="utf-8"

Use variable instead of sizeof(UINT8) and sizeof(UINT32) to
avoid bad arithmetic of pointer.

Cc: chenc2 <chen.a.chen@intel.com>
Cc: Wu Hao A <hao.a.wu@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Cc: Zhang Chao B <chao.b.zhang@intel.com>
---
 SecurityPkg/Library/AuthVariableLib/AuthService.c | 14 ++++++++++----
 1 file changed, 10 insertions(+), 4 deletions(-)

diff --git a/SecurityPkg/Library/AuthVariableLib/AuthService.c b/SecurityPk=
g/Library/AuthVariableLib/AuthService.c
index 7188ff6008..d6387d5ea6 100644
--- a/SecurityPkg/Library/AuthVariableLib/AuthService.c
+++ b/SecurityPkg/Library/AuthVariableLib/AuthService.c
@@ -2289,6 +2289,8 @@ VerifyTimeBasedPayload (
   UINT8                            *CertsInCertDb;
   UINT32                           CertsSizeinDb;
   UINT8                            Sha256Digest[SHA256_DIGEST_SIZE];
+  UINTN                            Offset1;
+  UINTN                            Offset2;
=20
   //
   // 1. TopLevelCert is the top-level issuer certificate in signature Sign=
er Cert Chain
@@ -2559,9 +2561,11 @@ VerifyTimeBasedPayload (
         //
         // Check hash of signer cert CommonName + Top-level issuer tbsCert=
ificate against data in CertDb
         //
+        Offset1 =3D sizeof (UINT8) + sizeof (UINT32);
+        Offset2 =3D sizeof (UINT8);
         Status =3D CalculatePrivAuthVarSignChainSHA256Digest(
-                   SignerCerts + sizeof(UINT8) + sizeof(UINT32),
-                   ReadUnaligned32 ((UINT32 *)(SignerCerts + sizeof(UINT8)=
)),
+                   SignerCerts + Offset1,
+                   ReadUnaligned32 ((UINT32 *)(SignerCerts + Offset2)),
                    TopLevelCert,
                    TopLevelCertSize,
                    Sha256Digest
@@ -2596,12 +2600,14 @@ VerifyTimeBasedPayload (
       //
       // When adding a new common authenticated variable, always save Hash=
 of cn of signer cert + tbsCertificate of Top-level issuer
       //
+      Offset1 =3D sizeof (UINT8) + sizeof (UINT32);
+      Offset2 =3D sizeof (UINT8);
       Status =3D InsertCertsToDb (
                  VariableName,
                  VendorGuid,
                  Attributes,
-                 SignerCerts + sizeof(UINT8) + sizeof(UINT32),
-                 ReadUnaligned32 ((UINT32 *)(SignerCerts + sizeof(UINT8))),
+                 SignerCerts + Offset1,
+                 ReadUnaligned32 ((UINT32 *)(SignerCerts + Offset2)),
                  TopLevelCert,
                  TopLevelCertSize
                  );
--=20
2.13.2.windows.1

_______________________________________________
edk2-devel mailing list
edk2-devel@lists.01.org
https://lists.01.org/mailman/listinfo/edk2-devel