From nobody Sun May  5 10:47:33 2024
Delivered-To: importer@patchew.org
Received-SPF: pass (zohomail.com: domain of groups.io designates
 66.175.222.108 as permitted sender) client-ip=66.175.222.108;
 envelope-from=bounce+27952+84233+1787277+3901457@groups.io;
 helo=mail02.groups.io;
Authentication-Results: mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as
 permitted sender)
  smtp.mailfrom=bounce+27952+84233+1787277+3901457@groups.io;
	dmarc=fail(p=none dis=none)  header.from=intel.com
ARC-Seal: i=1; a=rsa-sha256; t=1638399108; cv=none;
	d=zohomail.com; s=zohoarc;
	b=Jqvtso+pujx5XbabXXzXlwB6y8MT/lFtfGZE/t7DQX8XQuBgQ4waPHZUea8snJMLuLgeo6e+7DLgJSpJVW8k5zNMpLAcc4sQqX1ciN+vGP7LMtxlWcDuQDZ2P6bwgI6MmPsoSNflQGbumGKiOmmuNsiLvXCoyaNn8teHD2oi6cw=
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com;
 s=zohoarc;
	t=1638399108;
 h=Content-Transfer-Encoding:Cc:Date:From:List-Subscribe:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:Sender:Subject:To;
	bh=FEv9fy+kpvJfhER7qK4Id+jCvkCOXbVdhGodgGtI7LY=;
	b=jtjmq8Yys6sJl5ieJBUUjFDcxtttc2PJh010gLT5weSPU/k/MEb3z+TNSRVauGJSFXDS54arTJipY7iI+VIJFYLKUc4d/Mg7TvL0Sw4Qrvw5+zFLuW34NUd3uQ4gCn7wf2lweSf41kDxU9bnU3WhB8386zEvP6rEnA9u7QZQjTs=
ARC-Authentication-Results: i=1; mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as
 permitted sender)
  smtp.mailfrom=bounce+27952+84233+1787277+3901457@groups.io;
	dmarc=fail header.from=<nathaniel.l.desimone@intel.com> (p=none dis=none)
Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by
 mx.zohomail.com
	with SMTPS id 1638399108840425.477614558352;
 Wed, 1 Dec 2021 14:51:48 -0800 (PST)
Return-Path: <bounce+27952+84233+1787277+3901457@groups.io>
X-Received: by 127.0.0.2 with SMTP id Zi8xYY1788612xUQH3zSV07Z;
 Wed, 01 Dec 2021 14:51:48 -0800
X-Received: from mga04.intel.com (mga04.intel.com [192.55.52.120])
 by mx.groups.io with SMTP id smtpd.web11.820.1638399107341949845
 for <devel@edk2.groups.io>;
 Wed, 01 Dec 2021 14:51:47 -0800
X-IronPort-AV: E=McAfee;i="6200,9189,10185"; a="235308096"
X-IronPort-AV: E=Sophos;i="5.87,280,1631602800";
   d="scan'208";a="235308096"
X-Received: from fmsmga004.fm.intel.com ([10.253.24.48])
  by fmsmga104.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384;
 01 Dec 2021 14:51:46 -0800
X-IronPort-AV: E=Sophos;i="5.87,280,1631602800";
   d="scan'208";a="576534365"
X-Received: from nldesimo-desk1.amr.corp.intel.com ([10.212.177.220])
  by fmsmga004-auth.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384;
 01 Dec 2021 14:51:46 -0800
From: "Nate DeSimone" <nathaniel.l.desimone@intel.com>
To: devel@edk2.groups.io
Cc: Dandan Bi <dandan.bi@intel.com>,
	Liming Gao <gaoliming@byosoft.com.cn>,
	Jadhav Manoj D <manoj.d.jadhav@intel.com>,
	Chasel Chiu <chasel.chiu@intel.com>
Subject: [edk2-devel] [edk2-platforms] [PATCH v1] UserAuthFeaturePkg:
 VerifyPassword() allows one extra password attempt
Date: Wed,  1 Dec 2021 14:51:32 -0800
Message-Id: <20211201225132.1211-1-nathaniel.l.desimone@intel.com>
MIME-Version: 1.0
Precedence: Bulk
List-Unsubscribe: <mailto:devel+unsubscribe@edk2.groups.io>
List-Subscribe: <mailto:devel+subscribe@edk2.groups.io>
List-Help: <mailto:devel+help@edk2.groups.io>
Sender: devel@edk2.groups.io
List-Id: <devel.edk2.groups.io>
Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io
Reply-To: devel@edk2.groups.io,nathaniel.l.desimone@intel.com
X-Gm-Message-State: Vf31DeAL9Z3mMBAa19Ueeavsx1787277AA=
Content-Transfer-Encoding: quoted-printable
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io;
 q=dns/txt; s=20140610; t=1638399108;
 bh=SPH3OnzbG5bTm09Gn9Y1eYaxl+thGsxRjJBfHKj+4EI=;
 h=Cc:Date:From:Reply-To:Subject:To;
 b=t3AQaCymJE9vymPzOtyCRSaKoMBYC8dVxSSJeg70gomLA5oR5MZ3OwTyGt499WmEtCv
 g+TomMsBBjn98jGLxhLQIUKwUYD+MCWhU5cP0U0GSgFlZHbKD6TI0Gh5UA0LX9Cw5k46W
 +gEvohyTigsutr1QdyvJCCj7LPWca5vihVE=
X-ZohoMail-DKIM: pass (identity @groups.io)
X-ZM-MESSAGEID: 1638399110543100001
Content-Type: text/plain; charset="utf-8"

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3D3756

If the password provided by the user is incorrect, then the VerifyPassword()
function is supposed to return EFI_SECURITY_VIOLATION if the user has not
exceeded the maximum number of password guesses (currently set to 3). If the
number of password guesses has been exceeded, then VerifyPassword() shall r=
eturn
EFI_ACCESS_DENIED. UserAuthenticationDxe uses EFI_ACCESS_DENIED as the sign=
al
that the number of guesses has been exceeded for the purposes of triggering=
 a
forced reboot.

VerifyPassword() checks if the number of password guess attempts has exceed=
ed
the maximum allowed before checking if the current password guess is correc=
t. If
it has, then VerifyPassword() immediately returns EFI_ACCESS_DENIED. This
behavior is correct since it is possible for VerifyPassword() to be called =
again
after the maximum number of attempts has been exceeded. However, if the user
guesses incorrectly, then VerifyPassword() will always return
EFI_SECURITY_VIOLATION. This is where the bug is. It is possible that after=
 the
current attempt, the maximum allowed number of attempts is exceeded. Theref=
ore,
VerifyPassword() should check the number of attempts again, after checking =
if
the password is correct.

Cc: Dandan Bi <dandan.bi@intel.com>
Cc: Liming Gao <gaoliming@byosoft.com.cn>
Cc: Jadhav Manoj D <manoj.d.jadhav@intel.com>
Cc: Chasel Chiu <chasel.chiu@intel.com>
Signed-off-by: Nate DeSimone <nathaniel.l.desimone@intel.com>
Reviewed-by: Dandan Bi <dandan.bi@intel.com>
---
 .../UserAuthenticationSmm.c                        | 14 ++++++++++++--
 1 file changed, 12 insertions(+), 2 deletions(-)

diff --git a/Features/Intel/UserInterface/UserAuthFeaturePkg/UserAuthentica=
tionDxeSmm/UserAuthenticationSmm.c b/Features/Intel/UserInterface/UserAuthF=
eaturePkg/UserAuthenticationDxeSmm/UserAuthenticationSmm.c
index c24c3c47a5..16e3405a82 100644
--- a/Features/Intel/UserInterface/UserAuthFeaturePkg/UserAuthenticationDxe=
Smm/UserAuthenticationSmm.c
+++ b/Features/Intel/UserInterface/UserAuthFeaturePkg/UserAuthenticationDxe=
Smm/UserAuthenticationSmm.c
@@ -504,7 +504,12 @@ SmmPasswordHandler (
=20
     if (!IsPasswordVerified (UserGuid, SmmCommunicateSetPassword.OldPasswo=
rd, PasswordLen + 1)) {
       DEBUG ((DEBUG_ERROR, "SmmPasswordHandler: PasswordVerify - FAIL\n"));
-      Status =3D EFI_SECURITY_VIOLATION;
+      if (*PasswordTryCount >=3D PASSWORD_MAX_TRY_COUNT) {
+        DEBUG ((DEBUG_ERROR, "SmmPasswordHandler: SET_PASSWORD try count r=
each!\n"));
+        Status =3D EFI_ACCESS_DENIED;
+      } else {
+        Status =3D EFI_SECURITY_VIOLATION;
+      }
       goto EXIT;
     }
=20
@@ -554,7 +559,12 @@ SmmPasswordHandler (
     }
     if (!IsPasswordVerified (UserGuid, SmmCommunicateVerifyPassword.Passwo=
rd, PasswordLen + 1)) {
       DEBUG ((DEBUG_ERROR, "SmmPasswordHandler: PasswordVerify - FAIL\n"));
-      Status =3D EFI_SECURITY_VIOLATION;
+      if (*PasswordTryCount >=3D PASSWORD_MAX_TRY_COUNT) {
+        DEBUG ((DEBUG_ERROR, "SmmPasswordHandler: VERIFY_PASSWORD try coun=
t reach!\n"));
+        Status =3D EFI_ACCESS_DENIED;
+      } else {
+        Status =3D EFI_SECURITY_VIOLATION;
+      }
       goto EXIT;
     }
     mPasswordVerified =3D TRUE;
--=20
2.27.0.windows.1



-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#84233): https://edk2.groups.io/g/devel/message/84233
Mute This Topic: https://groups.io/mt/87441032/1787277
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org]
-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-