[PATCH v3 7/8] efi_loader: signature: rework for intermediate
REITHER Robert - Contractor
robert.reither at external.thalesgroup.com
Thu Jul 16 13:39:36 CEST 2020
Hi,
I think I have found a bug in
lib/efi_loader/efi_signature.c
efi_verify_certificate()
+ cert = x509_cert_parse(sig_data->data, sig_data->size);
+ if (!cert) {
+ EFI_PRINT("Cannot parse x509 certificate\n");
+ continue;
+ }
x509_cert_parse() not only returns a pointer, but also embed a linux error_code, so if an error happens there, the (!cert) check will fail!
I suggest using:
- if (!cert) {
+ if (IS_ERR(cert)) {
Regards
Robert
More information about the U-Boot
mailing list