From: Matthew Garrett <mjg@redhat.com>
Date: Thu, 1 Nov 2012 14:31:14 +0000 (-0400)
Subject: Fix signature checking
X-Git-Tag: proxmox/15.7-1+pmx1~66^2~660^2~1
X-Git-Url: https://git.proxmox.com/?a=commitdiff_plain;h=7a471602081dca1c825e66e4621e8c1ac9d01fd5;p=efi-boot-shim.git

Fix signature checking

We could potentially find a valid signature and then fail to validate it
due to not breaking out of the outer while loop.
---

diff --git a/shim.c b/shim.c
index 8c03915..816688e 100644
--- a/shim.c
+++ b/shim.c
@@ -237,6 +237,9 @@ static CHECK_STATUS check_db_cert_in_ram(EFI_SIGNATURE_LIST *CertList,
 			Cert = (EFI_SIGNATURE_DATA *) ((UINT8 *) Cert + CertList->SignatureSize);
 		}
 
+		if (IsFound)
+			break;
+
 		dbsize -= CertList->SignatureListSize;
 		CertList = (EFI_SIGNATURE_LIST *) ((UINT8 *) CertList + CertList->SignatureListSize);
 	}