SecurityPkg/DxeImageVerificationLib: avoid bypass in fetching dbx (CVE-2019-14575)

[mirror_edk2.git] / SecurityPkg / Library / DxeImageVerificationLib / DxeImageVerificationLib.c

diff --git a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c
index 1efb2f96cdcc22d4c3e5868c1866d63eac8f35a9..ed5dbf26b0419c8d80200b4a31c7827aac061fce 100644 (file)
--- a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c
+++ b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c
@@ -1459,15 +1459,26 @@ IsAllowedByDb (
             DbxDataSize = 0;\r
             Status   = gRT->GetVariable (EFI_IMAGE_SECURITY_DATABASE1, &gEfiImageSecurityDatabaseGuid, NULL, &DbxDataSize, NULL);\r
             if (Status != EFI_BUFFER_TOO_SMALL) {\r
+              if (Status != EFI_NOT_FOUND) {\r
+                VerifyStatus = FALSE;\r
+              }\r
               goto Done;\r
             }\r
             DbxData = (UINT8 *) AllocateZeroPool (DbxDataSize);\r
             if (DbxData == NULL) {\r
+              //\r
+              // Force not-allowed-by-db to avoid bypass\r
+              //\r
+              VerifyStatus = FALSE;\r
               goto Done;\r
             }\r
 \r
             Status = gRT->GetVariable (EFI_IMAGE_SECURITY_DATABASE1, &gEfiImageSecurityDatabaseGuid, NULL, &DbxDataSize, (VOID *) DbxData);\r
             if (EFI_ERROR (Status)) {\r
+              //\r
+              // Force not-allowed-by-db to avoid bypass\r
+              //\r
+              VerifyStatus = FALSE;\r
               goto Done;\r
             }\r
 \r