[PATCH v3 7/8] efi_loader: signature: rework for intermediate
Takahiro Akashi
takahiro.akashi at linaro.org
Fri Jul 17 04:10:02 CEST 2020
On Thu, Jul 16, 2020 at 11:39:36AM +0000, REITHER Robert - Contractor wrote:
> Hi,
>
> I think I have found a bug in
> lib/efi_loader/efi_signature.c
>
> efi_verify_certificate()
>
> + cert = x509_cert_parse(sig_data->data, sig_data->size);
> + if (!cert) {
> + EFI_PRINT("Cannot parse x509 certificate\n");
> + continue;
> + }
>
>
> x509_cert_parse() not only returns a pointer, but also embed a linux error_code, so if an error happens there, the (!cert) check will fail!
>
> I suggest using:
>
> - if (!cert) {
> + if (IS_ERR(cert)) {
That's correct.
Can you post a fix patch, please?
# There was the same problem with pkcs7_parse_message(),
# and I have fixed it before.
Thanks,
-Takahiro Akashi
>
> Regards
> Robert
More information about the U-Boot
mailing list