From: sfu5 <sfu5@6f19259b-4bc3-4df7-8a09-765794883524>
Date: Mon, 28 May 2012 04:51:53 +0000 (+0000)
Subject: Fix a bug in DxeImageVerificationLib to use the correct certificate length when verif... 
X-Git-Tag: edk2-stable201903~13380
X-Git-Url: https://git.proxmox.com/?p=mirror_edk2.git;a=commitdiff_plain;h=4ef15e6e336325c78eeab67d93fadf1b6d9dfdde

Fix a bug in DxeImageVerificationLib to use the correct certificate length when verifying a signed EFI image.

Signed-off-by: Fu Siyuan <siyuan.fu@intel.com>
Reviewed-by: Dong Guo <guo.dong@intel.com>
Reviewed-by: Ye Ting <ting.ye@intel.com>

git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13364 6f19259b-4bc3-4df7-8a09-765794883524
---

diff --git a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c
index 3e0bbe1ee4..843ca2a92c 100644
--- a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c
+++ b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c
@@ -946,7 +946,7 @@ IsPkcsSignedDataVerifiedBySignatureList (
           //
           VerifyStatus = AuthenticodeVerify (
                            PkcsCertData->CertData,
-                           mSecDataDir->Size - sizeof(PkcsCertData->Hdr),
+                           PkcsCertData->Hdr.dwLength - sizeof(PkcsCertData->Hdr),
                            RootCert,
                            RootCertSize,
                            mImageDigest,