DxeImageVerificationHandler(), HashPeImageByType(), HashPeImage() function will accept\r
untrusted PE/COFF image and validate its data structure within this image buffer before use.\r
\r
-Copyright (c) 2009 - 2015, Intel Corporation. All rights reserved.<BR>\r
+Copyright (c) 2009 - 2016, Intel Corporation. All rights reserved.<BR>\r
This program and the accompanying materials\r
are licensed and made available under the terms and conditions of the BSD License\r
which accompanies this distribution. The full text of the license may be found at\r
for (Index = 0; Index < CertNumber; Index++) {\r
CertSize = (UINTN) ReadUnaligned32 ((UINT32 *)CertPtr);\r
Cert = (UINT8 *)CertPtr + sizeof (UINT32);\r
+ //\r
+ // Advance CertPtr to the next cert in image signer's cert list\r
+ //\r
+ CertPtr = CertPtr + sizeof (UINT32) + CertSize;\r
\r
if (IsCertHashFoundInDatabase (Cert, CertSize, (EFI_SIGNATURE_LIST *)Data, DataSize, &RevocationTime)) {\r
//\r
IsForbidden = TRUE;\r
if (PassTimestampCheck (AuthData, AuthDataSize, &RevocationTime)) {\r
IsForbidden = FALSE;\r
+ //\r
+ // Pass DBT check. Continue to check other certs in image signer's cert list against DBX, DBT\r
+ //\r
+ continue;\r
}\r
goto Done;\r
}\r
\r
- CertPtr = CertPtr + sizeof (UINT32) + CertSize;\r
}\r
\r
Done:\r