From: tye1 Date: Wed, 17 Oct 2012 02:13:54 +0000 (+0000) Subject: Add SPC_INDIRECT_DATA_OBJID check to make sure contentType equals to the X-Git-Tag: edk2-stable201903~12956 X-Git-Url: https://git.proxmox.com/?p=mirror_edk2.git;a=commitdiff_plain;h=fe5eea5e00b6b9b57d75825f400e811ef48b1cc0 Add SPC_INDIRECT_DATA_OBJID check to make sure contentType equals to the specific value defined in Authenticode PE specification. Signed-off-by: Ye Ting Reviewed-by: Long Qin Reviewed-by:Dong Guo git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13853 6f19259b-4bc3-4df7-8a09-765794883524 --- diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptAuthenticode.c b/CryptoPkg/Library/BaseCryptLib/Pk/CryptAuthenticode.c index a4f62b22b5..bb5f6d4b0d 100644 --- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptAuthenticode.c +++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptAuthenticode.c @@ -26,6 +26,12 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. #include #include +// +// OID ASN.1 Value for SPC_INDIRECT_DATA_OBJID +// +UINT8 mSpcIndirectOidValue[] = { + 0x2B, 0x06, 0x01, 0x04, 0x01, 0x82, 0x37, 0x02, 0x01, 0x04 + }; /** Verifies the validility of a PE/COFF Authenticode Signature as described in "Windows @@ -70,6 +76,7 @@ AuthenticodeVerify ( UINT8 *SpcIndirectDataContent; UINT8 Asn1Byte; UINTN ContentSize; + UINT8 *SpcIndirectDataOid; // // Check input parameters. @@ -106,6 +113,19 @@ AuthenticodeVerify ( // some authenticode-specific structure. Use opaque ASN.1 string to retrieve // PKCS#7 ContentInfo here. // + SpcIndirectDataOid = (UINT8 *)(Pkcs7->d.sign->contents->type->data); + if (CompareMem ( + SpcIndirectDataOid, + mSpcIndirectOidValue, + sizeof (mSpcIndirectOidValue) + ) != 0) { + // + // Un-matched SPC_INDIRECT_DATA_OBJID. + // + goto _Exit; + } + + SpcIndirectDataContent = (UINT8 *)(Pkcs7->d.sign->contents->d.other->value.asn1_string->data); //