Re: [PATCH v3 7/8] efi_loader: signature: rework for intermediate

On Thu, Jul 16, 2020 at 11:39:36AM +0000, REITHER Robert - Contractor wrote:

Hi,

I think I have found a bug in lib/efi_loader/efi_signature.c

efi_verify_certificate()

•                                         cert = x509_cert_parse(sig_data->data, sig_data->size);
  

•                                         if (!cert) {
  

•                                                        EFI_PRINT("Cannot parse x509 certificate\n");
  

•                                                        continue;
  

•                                         }
  
  
  

x509_cert_parse() not only returns a pointer, but also embed a linux error_code, so if an error happens there, the (!cert) check will fail!

I suggest using:

•                                          if (!cert) {
  

•                                        if (IS_ERR(cert)) {
  

That's correct. Can you post a fix patch, please?

# There was the same problem with pkcs7_parse_message(), # and I have fixed it before.

Thanks, -Takahiro Akashi

Regards Robert