SecurityPkg: Fix incorrect return value when File is NULL

The DxeTpmMeasureBootHandler and DxeTpm2MeasureBootHandler handlers
are SECURITY2_FILE_AUTHENTICATION_HANDLER prototype. This prototype
can not return EFI_INVALID_PARAMETER.

The prototype documentation states it returns EFI_ACCESS_DENIED if:

  "The file specified by File and FileBuffer did not authenticate,
   and the platform policy dictates that the DXE Foundation may not
   use File."

Correct the documentation, and add a early check, returning
EFI_ACCESS_DENIED when File is NULL.

Noticed while reviewing commit 6d57592740cdd0b6868baeef7929d6e6fef.

Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Chao Zhang <chao.b.zhang@intel.com>
Signed-off-by: Philippe Mathieu-Daude <philmd@redhat.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Jian J Wang <jian.j.wang@intel.com>

diff --git a/SecurityPkg/Library/DxeTpm2MeasureBootLib/DxeTpm2MeasureBootLib.c b/SecurityPkg/Library/DxeTpm2MeasureBootLib/DxeTpm2MeasureBootLib.c
index 04b9b0d7fbf39ebb7db67402327c27d1a93c3e2f..cabc0c6c755641c158b0ef9c4f3039363a1c0288 100644 (file)
--- a/SecurityPkg/Library/DxeTpm2MeasureBootLib/DxeTpm2MeasureBootLib.c
+++ b/SecurityPkg/Library/DxeTpm2MeasureBootLib/DxeTpm2MeasureBootLib.c
@@ -384,7 +384,7 @@ Finish:
   and other exception operations.  The File parameter allows for possible logging\r
   within the SAP of the driver.\r
 \r
-  If File is NULL, then EFI_INVALID_PARAMETER is returned.\r
+  If File is NULL, then EFI_ACCESS_DENIED is returned.\r
 \r
   If the file specified by File with an authentication status specified by\r
   AuthenticationStatus is safe for the DXE Core to use, then EFI_SUCCESS is returned.\r
@@ -435,6 +435,13 @@ DxeTpm2MeasureBootHandler (
   EFI_PHYSICAL_ADDRESS                FvAddress;\r
   UINT32                              Index;\r
 \r
+  //\r
+  // Check for invalid parameters.\r
+  //\r
+  if (File == NULL) {\r
+    return EFI_ACCESS_DENIED;\r
+  }\r
+\r
   Status = gBS->LocateProtocol (&gEfiTcg2ProtocolGuid, NULL, (VOID **) &Tcg2Protocol);\r
   if (EFI_ERROR (Status)) {\r
     //\r

diff --git a/SecurityPkg/Library/DxeTpmMeasureBootLib/DxeTpmMeasureBootLib.c b/SecurityPkg/Library/DxeTpmMeasureBootLib/DxeTpmMeasureBootLib.c
index 1f2eed29a1df390f2e06c376b270f7e5c2c44b33..dfaaa0f0b3329d854a4342347e6db5bf745ec61e 100644 (file)
--- a/SecurityPkg/Library/DxeTpmMeasureBootLib/DxeTpmMeasureBootLib.c
+++ b/SecurityPkg/Library/DxeTpmMeasureBootLib/DxeTpmMeasureBootLib.c
@@ -678,7 +678,7 @@ Finish:
   and other exception operations.  The File parameter allows for possible logging\r
   within the SAP of the driver.\r
 \r
-  If File is NULL, then EFI_INVALID_PARAMETER is returned.\r
+  If File is NULL, then EFI_ACCESS_DENIED is returned.\r
 \r
   If the file specified by File with an authentication status specified by\r
   AuthenticationStatus is safe for the DXE Core to use, then EFI_SUCCESS is returned.\r
@@ -732,6 +732,13 @@ DxeTpmMeasureBootHandler (
   EFI_PHYSICAL_ADDRESS                FvAddress;\r
   UINT32                              Index;\r
 \r
+  //\r
+  // Check for invalid parameters.\r
+  //\r
+  if (File == NULL) {\r
+    return EFI_ACCESS_DENIED;\r
+  }\r
+\r
   Status = gBS->LocateProtocol (&gEfiTcgProtocolGuid, NULL, (VOID **) &TcgProtocol);\r
   if (EFI_ERROR (Status)) {\r
     //\r