Clean up code.

[mirror_edk2.git] / CryptoPkg / Library / BaseCryptLib / Pk / CryptAuthenticode.c

diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptAuthenticode.c b/CryptoPkg/Library/BaseCryptLib/Pk/CryptAuthenticode.c
index a1f8c58e746de62a8ba7db54ca3a034236ca0c4a..7b8bca53e741154f0be5166112647f8eb4071b52 100644 (file)
--- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptAuthenticode.c
+++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptAuthenticode.c
@@ -1,6 +1,14 @@
 /** @file\r
   Authenticode Portable Executable Signature Verification over OpenSSL.\r
 \r
+  Caution: This module requires additional review when modified.\r
+  This library will have external input - signature (e.g. PE/COFF Authenticode).\r
+  This external input must be validated carefully to avoid security issue like\r
+  buffer overflow, integer overflow.\r
+\r
+  AuthenticodeVerify() will get PE/COFF Authenticode and will do basic check for\r
+  data structure.\r
+\r
 Copyright (c) 2011 - 2012, Intel Corporation. All rights reserved.<BR>\r
 This program and the accompanying materials\r
 are licensed and made available under the terms and conditions of the BSD License\r
@@ -18,6 +26,12 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
 #include <openssl/x509.h>\r
 #include <openssl/pkcs7.h>\r
 \r
+//\r
+// OID ASN.1 Value for SPC_INDIRECT_DATA_OBJID\r
+//\r
+UINT8 mSpcIndirectOidValue[] = {\r
+  0x2B, 0x06, 0x01, 0x04, 0x01, 0x82, 0x37, 0x02, 0x01, 0x04\r
+  };\r
 \r
 /**\r
   Verifies the validility of a PE/COFF Authenticode Signature as described in "Windows\r
@@ -26,6 +40,10 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
   If AuthData is NULL, then return FALSE.\r
   If ImageHash is NULL, then return FALSE.\r
 \r
+  Caution: This function may receive untrusted input.\r
+  PE/COFF Authenticode is external input, so this function will do basic check for\r
+  Authenticode data structure.\r
+\r
   @param[in]  AuthData     Pointer to the Authenticode Signature retrieved from signed\r
                            PE/COFF image to be verified.\r
   @param[in]  DataSize     Size of the Authenticode Signature in bytes.\r
@@ -58,6 +76,7 @@ AuthenticodeVerify (
   UINT8        *SpcIndirectDataContent;\r
   UINT8        Asn1Byte;\r
   UINTN        ContentSize;\r
+  UINT8        *SpcIndirectDataOid;\r
 \r
   //\r
   // Check input parameters.\r
@@ -94,6 +113,19 @@ AuthenticodeVerify (
   //       some authenticode-specific structure. Use opaque ASN.1 string to retrieve\r
   //       PKCS#7 ContentInfo here.\r
   //\r
+  SpcIndirectDataOid = (UINT8 *)(Pkcs7->d.sign->contents->type->data);\r
+  if (CompareMem (\r
+        SpcIndirectDataOid,\r
+        mSpcIndirectOidValue,\r
+        sizeof (mSpcIndirectOidValue)\r
+        ) != 0) {\r
+    //\r
+    // Un-matched SPC_INDIRECT_DATA_OBJID.\r
+    //\r
+    goto _Exit;\r
+  }  \r
+\r
+\r
   SpcIndirectDataContent = (UINT8 *)(Pkcs7->d.sign->contents->d.other->value.asn1_string->data);\r
 \r
   //\r
@@ -114,8 +146,8 @@ AuthenticodeVerify (
     //\r
     // Long Form of Length Encoding, only support two bytes.\r
     //\r
-    ContentSize  = (UINTN) (*(SpcIndirectDataContent + 2));\r
-    ContentSize = (ContentSize << 8) + (UINTN)(*(SpcIndirectDataContent + 3));\r
+    ContentSize = (UINTN) (*(UINT8 *)(SpcIndirectDataContent + 2));\r
+    ContentSize = (ContentSize << 8) + (UINTN)(*(UINT8 *)(SpcIndirectDataContent + 3));\r
     //\r
     // Skip the SEQUENCE Tag;\r
     //\r