From 4b026f0d5af36faf3a3629a3ad49c51b5b3be12f Mon Sep 17 00:00:00 2001
From: =?utf8?q?Philippe=20Mathieu-Daud=C3=A9?=
Date: Fri, 7 Feb 2020 08:04:33 +0000
Subject: [PATCH] SecurityPkg: Fix incorrect return value when File is NULL

The DxeTpmMeasureBootHandler and DxeTpm2MeasureBootHandler handlers are SECURITY2_FILE_AUTHENTICATION_HANDLER prototype. This prototype can not return EFI_INVALID_PARAMETER. The prototype documentation states it returns EFI_ACCESS_DENIED if: "The file specified by File and FileBuffer did not authenticate, and the platform policy dictates that the DXE Foundation may not use File." Correct the documentation, and add a early check, returning EFI_ACCESS_DENIED when File is NULL. Noticed while reviewing commit 6d57592740cdd0b6868baeef7929d6e6fef.
Cc: Jiewen Yao
Cc: Jian J Wang
Cc: Chao Zhang
Signed-off-by: Philippe Mathieu-Daude
Reviewed-by: Laszlo Ersek
Reviewed-by: Jian J Wang
---
 .../DxeTpm2MeasureBootLib/DxeTpm2MeasureBootLib.c | 9 ++++++++-
 .../Library/DxeTpmMeasureBootLib/DxeTpmMeasureBootLib.c | 9 ++++++++-
 2 files changed, 16 insertions(+), 2 deletions(-)

diff --git a/SecurityPkg/Library/DxeTpm2MeasureBootLib/DxeTpm2MeasureBootLib.c b/SecurityPkg/Library/DxeTpm2MeasureBootLib/DxeTpm2MeasureBootLib.c
index 04b9b0d7fb..cabc0c6c75 100644
--- a/SecurityPkg/Library/DxeTpm2MeasureBootLib/DxeTpm2MeasureBootLib.c
+++ b/SecurityPkg/Library/DxeTpm2MeasureBootLib/DxeTpm2MeasureBootLib.c
@@ -384,7 +384,7 @@ Finish:
 and other exception operations. The File parameter allows for possible logging within the SAP of the driver.
- If File is NULL, then EFI_INVALID_PARAMETER is returned.
+ If File is NULL, then EFI_ACCESS_DENIED is returned.
 If the file specified by File with an authentication status specified by AuthenticationStatus is safe for the DXE Core to use, then EFI_SUCCESS is returned.
@@ -435,6 +435,13 @@ DxeTpm2MeasureBootHandler (
 EFI_PHYSICAL_ADDRESS FvAddress;
 UINT32 Index;
+ //
+ // Check for invalid parameters.
+ //
+ if (File == NULL) {
+ return EFI_ACCESS_DENIED;
+ }
+
 Status = gBS->LocateProtocol (&gEfiTcg2ProtocolGuid, NULL, (VOID **) &Tcg2Protocol);
 if (EFI_ERROR (Status)) {
 //
diff --git a/SecurityPkg/Library/DxeTpmMeasureBootLib/DxeTpmMeasureBootLib.c b/SecurityPkg/Library/DxeTpmMeasureBootLib/DxeTpmMeasureBootLib.c
index 1f2eed29a1..dfaaa0f0b3 100644
--- a/SecurityPkg/Library/DxeTpmMeasureBootLib/DxeTpmMeasureBootLib.c
+++ b/SecurityPkg/Library/DxeTpmMeasureBootLib/DxeTpmMeasureBootLib.c
@@ -678,7 +678,7 @@ Finish:
 and other exception operations. The File parameter allows for possible logging within the SAP of the driver.
- If File is NULL, then EFI_INVALID_PARAMETER is returned.
+ If File is NULL, then EFI_ACCESS_DENIED is returned.
 If the file specified by File with an authentication status specified by AuthenticationStatus is safe for the DXE Core to use, then EFI_SUCCESS is returned.
@@ -732,6 +732,13 @@ DxeTpmMeasureBootHandler (
 EFI_PHYSICAL_ADDRESS FvAddress;
 UINT32 Index;
+ //
+ // Check for invalid parameters.
+ //
+ if (File == NULL) {
+ return EFI_ACCESS_DENIED;
+ }
+
 Status = gBS->LocateProtocol (&gEfiTcgProtocolGuid, NULL, (VOID **) &TcgProtocol);
 if (EFI_ERROR (Status)) {
 //
--
2.39.2
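Review bot: The new `File == NULL` guard in DxeTpm2MeasureBootHandler sits ahead of the `LocateProtocol` call, so a NULL File is denied before the handler has established whether a TCG2 protocol is present at all; the identical guard in DxeTpmMeasureBootHandler (last hunk) has the same ordering. Failing closed is the safe direction for a measurement handler, but a caller that passes only a memory buffer and no File will now be refused where the rest of the body (which lies outside these hunks) might previously have let it through, and that behaviour change deserves to be stated next to the check. The comment `// Check for invalid parameters.` does not explain why the status is EFI_ACCESS_DENIED; something like `// File identifies the image to measure; this prototype cannot return EFI_INVALID_PARAMETER, so refuse the image.` would record the commit message's reasoning at the check itself.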