authorAKASHI Takahiro2020-07-08 14:01:54 +0900
committerHeinrich Schuchardt2020-07-11 23:14:15 +0200
commit36b2f9da5ccd38581c80098b0cad6dd1a9224705 (patch)
treea7f37bc81b06f12f4a4a7fbd40001b7a7d6b4918 /lib
parenteb537fd7eb05665a088766128eebd45b585679d3 (diff)
efi_loader: signature: fix a size check against revocation list
Since the size check against an entry in efi_search_siglist() is incorrect, this function will never find a to-be-matched certificate and its associated revocation time in the signature list. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Diffstat (limited to 'lib')
-rw-r--r--lib/efi_loader/efi_signature.c5
1 files changed, 3 insertions, 2 deletions
diff --git a/lib/efi_loader/efi_signature.c b/lib/efi_loader/efi_signature.c
index e05c471c61c..cd2df462649 100644
--- a/lib/efi_loader/efi_signature.c
+++ b/lib/efi_loader/efi_signature.c
@@ -433,10 +433,11 @@ static bool efi_search_siglist(struct x509_certificate *cert,
* time64_t revocation_time;
* };
*/
- if ((sig_data->size == SHA256_SUM_LEN) &&
- !memcmp(sig_data->data, hash, SHA256_SUM_LEN)) {
+ if ((sig_data->size >= SHA256_SUM_LEN + sizeof(time64_t)) &&
+ !memcmp(sig_data->data, msg, SHA256_SUM_LEN)) {
memcpy(revoc_time, sig_data->data + SHA256_SUM_LEN,
sizeof(*revoc_time));
+ EFI_PRINT("revocation time: 0x%llx\n", *revoc_time);
found = true;
goto out;
}
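Review bot: The `memcmp` in the new condition compares against `msg` where the old code used `hash`, a change the commit message does not mention. Both buffers are set up outside this hunk, so it is worth confirming that `msg` holds the digest of the certificate being looked up and stating that in the description. The length guard uses `sizeof(time64_t)` while the `memcpy` just below reads `sizeof(*revoc_time)`; writing the guard as `(sig_data->size >= SHA256_SUM_LEN + sizeof(*revoc_time)) &&` ties the bound and the read to the same object. The `>=` also accepts entries longer than the layout shown in the comment and ignores the extra bytes, so a one-line comment such as `/* entries may be larger than hash + time; extra bytes are ignored */` would record whether that is intended. efi_search_siglist starts and ends outside the hunk.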