From 1ca3a099383997be7aa071c0c211814f72c9ce4d Mon Sep 17 00:00:00 2001
From: Chao Zhang <chao.b.zhang@intel.com>
Date: Wed, 15 Jul 2015 02:13:48 +0000
Subject: [PATCH] SecurityPkg: Fix DBX Variable Read Error in
 ImageVerificationLib

ImageVerificationLib passes wrong data buffer size when reading DBX variable, causing heap crash.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Chao Zhang <chao.b.zhang@intel.com>
Reviewed-by: Qin Long <qin.long@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@17981 6f19259b-4bc3-4df7-8a09-765794883524
---
 .../Library/DxeImageVerificationLib/DxeImageVerificationLib.c   | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c
index 3331b6862e..ca1bdc0be8 100644
--- a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c
+++ b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c
@@ -1448,7 +1448,7 @@ IsAllowedByDb (
             if (Status == EFI_BUFFER_TOO_SMALL) {
               goto Done;
             }
-            DbxData = (UINT8 *) AllocateZeroPool (DataSize);
+            DbxData = (UINT8 *) AllocateZeroPool (DbxDataSize);
             if (DbxData == NULL) {
               goto Done;
             }
-- 
2.39.2