Checks the length of the file name to avoid illegal access.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Gary Ching-Pang Lin <glin@suse.com>
Reviewed-by: Jordan Justen <jordan.l.justen@intel.com>
Reviewed-by: Guo Dong <guo.dong@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@14531 6f19259b-4bc3-4df7-8a09-765794883524

diff --git a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.c b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.c
index e8beecbf583526bdc7a15a2f89b06f083286de91..659952a63a05c7738d5e8235a0237a39deeec207 100644 (file)
--- a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.c
+++ b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.c
@@ -399,6 +399,7 @@ EnrollPlatformKey (
   UINTN                           DataSize;\r
   EFI_SIGNATURE_LIST              *PkCert;\r
   UINT16*                         FilePostFix;\r
+  UINTN                           NameLength;\r
   \r
   if (Private->FileContext->FileName == NULL) {\r
     return EFI_INVALID_PARAMETER;\r
@@ -414,7 +415,11 @@ EnrollPlatformKey (
   //\r
   // Parse the file's postfix. Only support DER encoded X.509 certificate files.\r
   //\r
-  FilePostFix = Private->FileContext->FileName + StrLen (Private->FileContext->FileName) - 4;\r
+  NameLength = StrLen (Private->FileContext->FileName);\r
+  if (NameLength <= 4) {\r
+    return EFI_INVALID_PARAMETER;\r
+  }\r
+  FilePostFix = Private->FileContext->FileName + NameLength - 4;\r
   if (!IsDerEncodeCertificate(FilePostFix)) {\r
     DEBUG ((EFI_D_ERROR, "Unsupported file type, only DER encoded certificate (%s) is supported.", mSupportX509Suffix));\r
     return EFI_INVALID_PARAMETER;\r
@@ -803,6 +808,7 @@ EnrollKeyExchangeKey (
 {\r
   UINT16*     FilePostFix;\r
   EFI_STATUS  Status;\r
+  UINTN       NameLength;\r
   \r
   if ((Private->FileContext->FileName == NULL) || (Private->SignatureGUID == NULL)) {\r
     return EFI_INVALID_PARAMETER;\r
@@ -817,7 +823,11 @@ EnrollKeyExchangeKey (
   // Parse the file's postfix. Supports DER-encoded X509 certificate, \r
   // and .pbk as RSA public key file.\r
   //\r
-  FilePostFix = Private->FileContext->FileName + StrLen (Private->FileContext->FileName) - 4;\r
+  NameLength = StrLen (Private->FileContext->FileName);\r
+  if (NameLength <= 4) {\r
+    return EFI_INVALID_PARAMETER;\r
+  }\r
+  FilePostFix = Private->FileContext->FileName + NameLength - 4;\r
   if (IsDerEncodeCertificate(FilePostFix)) {\r
     return EnrollX509ToKek (Private);\r
   } else if (CompareMem (FilePostFix, L".pbk",4) == 0) {\r
@@ -1551,6 +1561,7 @@ EnrollSignatureDatabase (
 {\r
   UINT16*      FilePostFix;\r
   EFI_STATUS   Status;\r
+  UINTN        NameLength;\r
 \r
   if ((Private->FileContext->FileName == NULL) || (Private->FileContext->FHandle == NULL) || (Private->SignatureGUID == NULL)) {\r
     return EFI_INVALID_PARAMETER;\r
@@ -1564,7 +1575,11 @@ EnrollSignatureDatabase (
   //\r
   // Parse the file's postfix. \r
   //\r
-  FilePostFix = Private->FileContext->FileName + StrLen (Private->FileContext->FileName) - 4;\r
+  NameLength = StrLen (Private->FileContext->FileName);\r
+  if (NameLength <= 4) {\r
+    return EFI_INVALID_PARAMETER;\r
+  }\r
+  FilePostFix = Private->FileContext->FileName + NameLength - 4;\r
   if (IsDerEncodeCertificate(FilePostFix)) {\r
     //\r
     // Supports DER-encoded X509 certificate.\r