Re: [PATCH v3 7/8] efi_loader: signature: rework for intermediate
Hi,
I think I have found a bug in lib/efi_loader/efi_signature.c
efi_verify_certificate()
+ cert = x509_cert_parse(sig_data->data, sig_data->size); + if (!cert) { + EFI_PRINT("Cannot parse x509 certificate\n"); + continue; + }
x509_cert_parse() not only returns a pointer, but also embed a linux error_code, so if an error happens there, the (!cert) check will fail!
I suggest using:
- if (!cert) { + if (IS_ERR(cert)) {
Regards Robert
On Thu, Jul 16, 2020 at 11:39:36AM +0000, REITHER Robert - Contractor wrote:
Hi,
I think I have found a bug in lib/efi_loader/efi_signature.c
efi_verify_certificate()
cert = x509_cert_parse(sig_data->data, sig_data->size);if (!cert) {EFI_PRINT("Cannot parse x509 certificate\n");continue;}x509_cert_parse() not only returns a pointer, but also embed a linux error_code, so if an error happens there, the (!cert) check will fail!
I suggest using:
if (!cert) {
if (IS_ERR(cert)) {
That's correct. Can you post a fix patch, please?
# There was the same problem with pkcs7_parse_message(), # and I have fixed it before.
Thanks, -Takahiro Akashi
Regards Robert
participants (2)
-
REITHER Robert - Contractor -
Takahiro Akashi