From: gdong1
Date: Mon, 15 Oct 2012 06:08:22 +0000 (+0000)
Subject: Fix time-based and count-based authenticated variable can be updated by each other...
X-Git-Tag: edk2-stable201903~12961
X-Git-Url: https://git.proxmox.com/?p=mirror_edk2.git;a=commitdiff_plain;h=89be2b037f11cc64bd14fd5db41dc6e4a2171cdc
Fix time-based and count-based authenticated variable can be updated by each other without verification.
Signed-off-by: Dong Guo
Reviewed-by: Ye Ting
Reviewed-by: Fu Siyuan
git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13848 6f19259b-4bc3-4df7-8a09-765794883524
---
diff --git a/SecurityPkg/VariableAuthenticated/RuntimeDxe/AuthService.c b/SecurityPkg/VariableAuthenticated/RuntimeDxe/AuthService.c
index cf8ad99696..6576e681c3 100644
--- a/SecurityPkg/VariableAuthenticated/RuntimeDxe/AuthService.c
+++ b/SecurityPkg/VariableAuthenticated/RuntimeDxe/AuthService.c
@@ -1137,6 +1137,22 @@ ProcessVariable (
 return EFI_SECURITY_VIOLATION;
 }
 
+ //
+ // A time-based authenticated variable and a count-based authenticated variable
+ // can't be updated by each other.
+ //
+ if (Variable->CurrPtr != NULL) {
+ if (((Attributes & EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS) != 0) &&
+ ((Variable->CurrPtr->Attributes & EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS) != 0)) {
+ return EFI_SECURITY_VIOLATION;
+ }
+
+ if (((Attributes & EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS) != 0) &&
+ ((Variable->CurrPtr->Attributes & EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS) != 0)) {
+ return EFI_SECURITY_VIOLATION;
+ }
+ }
+
 //
 // Process Time-based Authenticated variable.
 //
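Review bot: The added cross-type check in ProcessVariable only rejects a request that carries one authentication attribute while the stored variable carries the other, so a request with both EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS and EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS set passes straight through when `Variable->CurrPtr` is NULL or the stored variable has neither bit. Which verification path such a request then takes is decided by code outside this hunk (the function starts and ends beyond it), so unless the caller already rejects the combination it is worth guarding here before the `Variable->CurrPtr != NULL` block, e.g. `if ((Attributes & (EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS)) == (EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS)) { return EFI_SECURITY_VIOLATION; }`. The block comment would also read more clearly if it stated the invariant being enforced, for example `// An existing authenticated variable may only be updated with the same authentication type (count-based or time-based) it was created with; otherwise the other scheme's verification would be skipped.`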