From 4ef15e6e336325c78eeab67d93fadf1b6d9dfdde Mon Sep 17 00:00:00 2001
From: sfu5 <sfu5@6f19259b-4bc3-4df7-8a09-765794883524>
Date: Mon, 28 May 2012 04:51:53 +0000
Subject: [PATCH] Fix a bug in DxeImageVerificationLib to use the correct
 certificate length when verifying a signed EFI image.

Signed-off-by: Fu Siyuan <siyuan.fu@intel.com>
Reviewed-by: Dong Guo <guo.dong@intel.com>
Reviewed-by: Ye Ting <ting.ye@intel.com>

git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13364 6f19259b-4bc3-4df7-8a09-765794883524
---
 .../Library/DxeImageVerificationLib/DxeImageVerificationLib.c   | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c
index 3e0bbe1ee4..843ca2a92c 100644
--- a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c
+++ b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c
@@ -946,7 +946,7 @@ IsPkcsSignedDataVerifiedBySignatureList (
           //
           VerifyStatus = AuthenticodeVerify (
                            PkcsCertData->CertData,
-                           mSecDataDir->Size - sizeof(PkcsCertData->Hdr),
+                           PkcsCertData->Hdr.dwLength - sizeof(PkcsCertData->Hdr),
                            RootCert,
                            RootCertSize,
                            mImageDigest,
-- 
2.39.2