From: Roman Bacik <roman.bacik@broadcom.com>
Date: Tue, 10 Jul 2018 22:51:05 +0000 (-0700)
Subject: SecurityPkg: Fix assert when setting key from eMMC/SD/USB
X-Git-Tag: edk2-stable201903~1423
X-Git-Url: https://git.proxmox.com/?p=mirror_edk2.git;a=commitdiff_plain;h=79b10d4ce4f08aab4b9548fabc4542ca78a96247

SecurityPkg: Fix assert when setting key from eMMC/SD/USB

When secure boot is enabled, if one loads keys from a FAT formatted
eMMC/SD/USB when trying to provision PK/KEK/DB keys via the menu,
an assert in StrLen() occurs.
This is because the filename starts on odd address, which is not a uint16
aligned boundary: https://bugzilla.tianocore.org/show_bug.cgi?id=1003

There are further known issues with the OpenFileByDevicePath() function;
those are tracked by
<https://bugzilla.tianocore.org/show_bug.cgi?id=1008>.

Cc: Chao Zhang <chao.b.zhang@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Cc: Vladimir Olovyannikov <vladimir.olovyannikov@broadcom.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Roman Bacik <roman.bacik@broadcom.com>
Reviewed-by: "Yao, Jiewen" <jiewen.yao@intel.com>
[lersek@redhat.com: whitespace fixes]
[lersek@redhat.com: reference TianoCore BZ#1008]
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
---

diff --git a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigFileExplorer.c b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigFileExplorer.c
index 1b6f888042..2a26c20f39 100644
--- a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigFileExplorer.c
+++ b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigFileExplorer.c
@@ -123,6 +123,8 @@ OpenFileByDevicePath(
   EFI_FILE_PROTOCOL               *Handle1;
   EFI_FILE_PROTOCOL               *Handle2;
   EFI_HANDLE                      DeviceHandle;
+  CHAR16                          *PathName;
+  UINTN                           PathLength;
 
   if ((FilePath == NULL || FileHandle == NULL)) {
     return EFI_INVALID_PARAMETER;
@@ -173,6 +175,11 @@ OpenFileByDevicePath(
     //
     Handle2  = Handle1;
     Handle1 = NULL;
+    PathLength = DevicePathNodeLength (*FilePath) - sizeof (EFI_DEVICE_PATH_PROTOCOL);
+    PathName = AllocateCopyPool (PathLength, ((FILEPATH_DEVICE_PATH*)*FilePath)->PathName);
+    if (PathName == NULL) {
+      return EFI_OUT_OF_RESOURCES;
+    }
 
     //
     // Try to test opening an existing file
@@ -180,7 +187,7 @@ OpenFileByDevicePath(
     Status = Handle2->Open (
                           Handle2,
                           &Handle1,
-                          ((FILEPATH_DEVICE_PATH*)*FilePath)->PathName,
+                          PathName,
                           OpenMode &~EFI_FILE_MODE_CREATE,
                           0
                          );
@@ -192,7 +199,7 @@ OpenFileByDevicePath(
       Status = Handle2->Open (
                             Handle2,
                             &Handle1,
-                            ((FILEPATH_DEVICE_PATH*)*FilePath)->PathName,
+                            PathName,
                             OpenMode,
                             Attributes
                            );
@@ -202,6 +209,8 @@ OpenFileByDevicePath(
     //
     Handle2->Close (Handle2);
 
+    FreePool (PathName);
+
     if (EFI_ERROR(Status)) {
       return (Status);
     }