Fix signature checking

We could potentially find a valid signature and then fail to validate it
due to not breaking out of the outer while loop.

diff --git a/shim.c b/shim.c
index 8c03915973e5e83c4a2961f6cba1b03f088493cc..816688e1b2ec4360108aa3e0341a4a8f4d826b39 100644 (file)
--- a/shim.c
+++ b/shim.c
@@ -237,6 +237,9 @@ static CHECK_STATUS check_db_cert_in_ram(EFI_SIGNATURE_LIST *CertList,
                        Cert = (EFI_SIGNATURE_DATA *) ((UINT8 *) Cert + CertList->SignatureSize);
                }
 
+               if (IsFound)
+                       break;
+
                dbsize -= CertList->SignatureListSize;
                CertList = (EFI_SIGNATURE_LIST *) ((UINT8 *) CertList + CertList->SignatureListSize);
        }