Add PubKey index check before touching PubKey cache. Internal PubKey Variable PubkeyI...

author Chao, Zhang <chao.b.zhang@intel.com>

Tue, 21 Oct 2014 00:35:49 +0000 (00:35 +0000)

committer czhang46 <czhang46@6f19259b-4bc3-4df7-8a09-765794883524>

Tue, 21 Oct 2014 00:35:49 +0000 (00:35 +0000)
author Chao, Zhang <chao.b.zhang@intel.com>
Tue, 21 Oct 2014 00:35:49 +0000 (00:35 +0000)
committer czhang46 <czhang46@6f19259b-4bc3-4df7-8a09-765794883524>
Tue, 21 Oct 2014 00:35:49 +0000 (00:35 +0000)
diff --git a/SecurityPkg/VariableAuthenticated/RuntimeDxe/AuthService.c b/SecurityPkg/VariableAuthenticated/RuntimeDxe/AuthService.c

index 96b1f403c363f0005431a1a7f9404986022c783c..49d7648f66557f11a1071791529b1fc5be201100 100644 (file)
--- a/SecurityPkg/VariableAuthenticated/RuntimeDxe/AuthService.c
+++ b/SecurityPkg/VariableAuthenticated/RuntimeDxe/AuthService.c
@@ -1410,9 +1410,11 @@ ProcessVariable (
  \r
    if (!IsFirstTime) {\r
      //\r
-    // Check input PubKey.\r
+    // 2 cases need to check here\r
+    //   1. Internal PubKey variable. PubKeyIndex is always 0 \r
+    //   2. Other counter-based AuthVariable. Check input PubKey.\r
      //\r
-    if (CompareMem (PubKey, mPubKeyStore + (KeyIndex - 1) * EFI_CERT_TYPE_RSA2048_SIZE, EFI_CERT_TYPE_RSA2048_SIZE) != 0) {\r
+    if (KeyIndex == 0 || CompareMem (PubKey, mPubKeyStore + (KeyIndex - 1) * EFI_CERT_TYPE_RSA2048_SIZE, EFI_CERT_TYPE_RSA2048_SIZE) != 0) {\r
        return EFI_SECURITY_VIOLATION;\r
      }\r
      //\r
author	Chao, Zhang <chao.b.zhang@intel.com>
	Tue, 21 Oct 2014 00:35:49 +0000 (00:35 +0000)
committer	czhang46 <czhang46@6f19259b-4bc3-4df7-8a09-765794883524>
	Tue, 21 Oct 2014 00:35:49 +0000 (00:35 +0000)