X-Git-Url: https://git.proxmox.com/?p=mirror_edk2.git;a=blobdiff_plain;f=SecurityPkg%2FLibrary%2FDxeImageVerificationLib%2FDxeImageVerificationLib.c;h=19852dd483241b32f622327f3f5c57a2b4dc4644;hp=91977522a9138cd9c751f543d22c0def0a553ce1;hb=bd0de3963b8e09ccded4b6922d5e6f0146a2f63f;hpb=5c0687ccc27a427e5e50f35e593814055d714d9b

diff --git a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c
index 91977522a9..19852dd483 100644
--- a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c
+++ b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c
@@ -1,7 +1,7 @@
 /** @file
   Implement image verification services for secure boot service in UEFI2.3.1.
 
-Copyright (c) 2009 - 2011, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2009 - 2012, Intel Corporation. All rights reserved.<BR>
 This program and the accompanying materials
 are licensed and made available under the terms and conditions of the BSD License
 which accompanies this distribution.  The full text of the license may be found at
@@ -486,7 +486,15 @@ HashPeImageByType (
     //            .... }
     //    The DigestAlgorithmIdentifiers can be used to determine the hash algorithm in PE/COFF hashing
     //    This field has the fixed offset (+32) in final Authenticode ASN.1 data.
+    //    Fixed offset (+32) is calculated based on two bytes of length encoding.
     //
+    if ((*(PkcsCertData->CertData + 1) & TWO_BYTE_ENCODE) != TWO_BYTE_ENCODE) {
+      //
+      // Only support two bytes of Long Form of Length Encoding.
+      //
+      continue;
+    }
+
     if (CompareMem (PkcsCertData->CertData + 32, mHash[Index].OidValue, mHash[Index].OidLength) == 0) {
       break;
     }