Enable TPM measurement lib to measure all PE image from a FV unmeasured by TcgPei

[mirror_edk2.git] / SecurityPkg / Library / DxeImageVerificationLib / DxeImageVerificationLib.c

diff --git a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c
index b3648bdee4182ea1ed8e1ae1aaef3489fff39490..9ea3a28ad91b93ede65c6eb159ad5b6b75c52b08 100644 (file)
--- a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c
+++ b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c
@@ -1276,6 +1276,9 @@ DxeImageVerificationHandler (
     // Authenticode specification.\r
     //\r
     PkcsCertData = (WIN_CERTIFICATE_EFI_PKCS *) WinCertificate;\r
+    if (PkcsCertData->Hdr.dwLength <= sizeof (PkcsCertData->Hdr)) {\r
+      goto Done;\r
+    }\r
     AuthData   = PkcsCertData->CertData;\r
     AuthDataSize = PkcsCertData->Hdr.dwLength - sizeof(PkcsCertData->Hdr);\r
     \r
@@ -1290,7 +1293,8 @@ DxeImageVerificationHandler (
     // The certificate is formatted as WIN_CERTIFICATE_UEFI_GUID which is described in UEFI Spec.\r
     //\r
     WinCertUefiGuid = (WIN_CERTIFICATE_UEFI_GUID *) WinCertificate;\r
-    if (!CompareGuid(&WinCertUefiGuid->CertType, &gEfiCertPkcs7Guid)) {\r
+    if (!CompareGuid(&WinCertUefiGuid->CertType, &gEfiCertPkcs7Guid) ||\r
+        (WinCertUefiGuid->Hdr.dwLength <= OFFSET_OF(WIN_CERTIFICATE_UEFI_GUID, CertData))) {\r
       goto Done;\r
     }\r
     AuthData = WinCertUefiGuid->CertData;\r