From patchwork Wed Jul 1 10:54:37 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Heinrich Schuchardt X-Patchwork-Id: 240549 List-Id: U-Boot discussion From: xypron.glpk at gmx.de (Heinrich Schuchardt) Date: Wed, 1 Jul 2020 12:54:37 +0200 Subject: [PATCH 1/1] efi_loader: add missing validation of timestamp Message-ID: <20200701105437.118704-1-xypron.glpk@gmx.de> The UEFI specification requires that when UEFI variables are set using time based authentication we have to check that unused fields of the timestamp are zero Signed-off-by: Heinrich Schuchardt --- lib/efi_loader/efi_variable.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) -- 2.27.0 diff --git a/lib/efi_loader/efi_variable.c b/lib/efi_loader/efi_variable.c index 6271dbcf41..364feeec40 100644 --- a/lib/efi_loader/efi_variable.c +++ b/lib/efi_loader/efi_variable.c @@ -480,11 +480,15 @@ static efi_status_t efi_variable_authenticate(u16 *variable, if (guidcmp(&auth->auth_info.cert_type, &efi_guid_cert_type_pkcs7)) goto err; + memcpy(×tamp, &auth->time_stamp, sizeof(timestamp)); + if (timestamp.pad1 || timestamp.nanosecond || timestamp.timezone || + timestamp.daylight || timestamp.pad2) + goto err; + *data += sizeof(auth->time_stamp) + auth->auth_info.hdr.dwLength; *data_size -= (sizeof(auth->time_stamp) + auth->auth_info.hdr.dwLength); - memcpy(×tamp, &auth->time_stamp, sizeof(timestamp)); memset(&tm, 0, sizeof(tm)); tm.tm_year = timestamp.year; tm.tm_mon = timestamp.month;
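
Review bot: The new zero-field check in efi_variable_authenticate(), the `if (timestamp.pad1 || timestamp.nanosecond || ...)` condition added right after the cert_type comparison, carries no comment tying it to the UEFI requirement that the commit message cites, and it fails through the same bare `goto err` as the GUID mismatch above it, so a rejected update gives no hint that the timestamp was the cause. Suggest a one-line comment above the condition stating that pad1, nanosecond, timezone, daylight and pad2 must be zero for time based authentication, plus a debug message before the `goto err` if the other error paths in this file already log one. Moving the memcpy() ahead of the `*data` and `*data_size` adjustments is the right order, since a rejected timestamp now leaves both values unmodified by these lines.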