NetworkPkg/TlsAuthConfigDxe: preserve TlsCaCertificate variable attributes

[mirror_edk2.git] / NetworkPkg / TlsAuthConfigDxe / TlsAuthConfigImpl.c

diff --git a/NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigImpl.c b/NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigImpl.c
index faefc72d0efa952a571703e74b8f9a948698b521..cbdd5f0664bd64145ca71fdad582895023831a27 100644 (file)
--- a/NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigImpl.c
+++ b/NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigImpl.c
@@ -813,6 +813,7 @@ EnrollX509toVariable (
   CACert        = NULL;\r
   CACertData    = NULL;\r
   Data          = NULL;\r
+  Attr          = 0;\r
 \r
   Status = ReadFileContent (\r
              Private->FileContext->FHandle,\r
@@ -847,22 +848,22 @@ EnrollX509toVariable (
   CopyMem ((UINT8* ) (CACertData->SignatureData), X509Data, X509DataSize);\r
 \r
   //\r
-  // Check if signature database entry has been already existed.\r
-  // If true, use EFI_VARIABLE_APPEND_WRITE attribute to append the\r
-  // new signature data to original variable\r
+  // Check if the signature database entry already exists. If it does, use the\r
+  // EFI_VARIABLE_APPEND_WRITE attribute to append the new signature data to\r
+  // the original variable, plus preserve the original variable attributes.\r
   //\r
-  Attr = TLS_AUTH_CONFIG_VAR_BASE_ATTR;\r
-\r
   Status = gRT->GetVariable(\r
                   VariableName,\r
                   &gEfiTlsCaCertificateGuid,\r
-                  NULL,\r
+                  &Attr,\r
                   &DataSize,\r
                   NULL\r
                   );\r
   if (Status == EFI_BUFFER_TOO_SMALL) {\r
     Attr |= EFI_VARIABLE_APPEND_WRITE;\r
-  } else if (Status != EFI_NOT_FOUND) {\r
+  } else if (Status == EFI_NOT_FOUND) {\r
+    Attr = TLS_AUTH_CONFIG_VAR_BASE_ATTR;\r
+  } else {\r
     goto ON_EXIT;\r
   }\r
 \r