summaryrefslogtreecommitdiff
path: root/lib/efi_loader
diff options
context:
space:
mode:
authorHeinrich Schuchardt <xypron.glpk@gmx.de>2020-07-01 12:44:00 +0200
committerHeinrich Schuchardt <xypron.glpk@gmx.de>2020-07-03 18:03:41 +0200
commit33f183f68b76226a1053694418d2c283371bee72 (patch)
treebf18aa410f8092417033a9394b59d5d340d02b66 /lib/efi_loader
parentae54b946ca03d92f5d9efdf575a0e7940fb5482f (diff)
efi_loader: add missing validation of timestamp
The UEFI specification requires that when UEFI variables are set using time based authentication we have to check that unused fields of the timestamp are zero Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Diffstat (limited to 'lib/efi_loader')
-rw-r--r--lib/efi_loader/efi_variable.c6
1 files changed, 5 insertions, 1 deletions
diff --git a/lib/efi_loader/efi_variable.c b/lib/efi_loader/efi_variable.c
index 74a9c65402..f9a0efd427 100644
--- a/lib/efi_loader/efi_variable.c
+++ b/lib/efi_loader/efi_variable.c
@@ -481,11 +481,15 @@ static efi_status_t efi_variable_authenticate(u16 *variable,
if (guidcmp(&auth->auth_info.cert_type, &efi_guid_cert_type_pkcs7))
goto err;
+ memcpy(&timestamp, &auth->time_stamp, sizeof(timestamp));
+ if (timestamp.pad1 || timestamp.nanosecond || timestamp.timezone ||
+ timestamp.daylight || timestamp.pad2)
+ goto err;
+
*data += sizeof(auth->time_stamp) + auth->auth_info.hdr.dwLength;
*data_size -= (sizeof(auth->time_stamp)
+ auth->auth_info.hdr.dwLength);
- memcpy(&timestamp, &auth->time_stamp, sizeof(timestamp));
memset(&tm, 0, sizeof(tm));
tm.tm_year = timestamp.year;
tm.tm_mon = timestamp.month;