SecurityPkg: Fix one returned code issue in P7Verify Protocol

VerifyBuffer() in PKCS7 Verify Protocol should return EFI_UNSUPPORTED
when the embedded content is found in SignedData but InData is not NULL.
This patch is to comply with the spec definition.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Qin Long <qin.long@intel.com>
Reviewed-by: Chao Zhang <chao.b.zhang@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18311 6f19259b-4bc3-4df7-8a09-765794883524

diff --git a/SecurityPkg/Pkcs7Verify/Pkcs7VerifyDxe/Pkcs7VerifyDxe.c b/SecurityPkg/Pkcs7Verify/Pkcs7VerifyDxe/Pkcs7VerifyDxe.c
index 13c91382dce8faf86c552ce76288dd84721f8c79..07fdf552be17cfefc9206146eaa779d1d849b030 100644 (file)
--- a/SecurityPkg/Pkcs7Verify/Pkcs7VerifyDxe/Pkcs7VerifyDxe.c
+++ b/SecurityPkg/Pkcs7Verify/Pkcs7VerifyDxe/Pkcs7VerifyDxe.c
@@ -833,6 +833,13 @@ VerifyBuffer (
     return EFI_UNSUPPORTED;\r
   }\r
   if (AttachedData != NULL) {\r
+    if (InData != NULL) {\r
+      //\r
+      // The embedded content is found in SignedData but InData is not NULL\r
+      //\r
+      Status = EFI_UNSUPPORTED;\r
+      goto _Exit;\r
+    }\r
     //\r
     // PKCS7-formatted signedData with attached content; Use the embedded\r
     // content for verification\r