Correct the alignment calculation of PE/COFF attribute certificate entry.

This is to resolve the possible certificate entry retrieving issue caused by un-aligned (8-bytes) VirtualAddress in some PE/COFF image, which may break secure boot.

Contributed-under: TianoCore Contribution Agreement 1.0

Signed-off-by: Qin Long <qin.long@intel.com>
Reviewed-by: Siyuan Fu <siyuan.fu@intel.com>
Reviewed-by: Guo Dong <guo.dong@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16449 6f19259b-4bc3-4df7-8a09-765794883524

diff --git a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c
index 3324dba0af862dfad49d2e8e6cc5d93054363208..c3793b94293602f22dd5a6cf9c424630e3063241 100644 (file)
--- a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c
+++ b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c
@@ -1662,7 +1662,7 @@ DxeImageVerificationHandler (
   //\r
   for (OffSet = SecDataDir->VirtualAddress;\r
        OffSet < (SecDataDir->VirtualAddress + SecDataDir->Size);\r
-       OffSet += WinCertificate->dwLength, OffSet += ALIGN_SIZE (OffSet)) {\r
+       OffSet += (WinCertificate->dwLength + ALIGN_SIZE (WinCertificate->dwLength))) {\r
     WinCertificate = (WIN_CERTIFICATE *) (mImageBase + OffSet);\r
     if ((SecDataDir->VirtualAddress + SecDataDir->Size - OffSet) <= sizeof (WIN_CERTIFICATE) ||\r
         (SecDataDir->VirtualAddress + SecDataDir->Size - OffSet) < WinCertificate->dwLength) {\r