diff options
| author | Jian J Wang <jian.j.wang@intel.com> | 2020-02-14 13:50:32 +0800 |
|---|---|---|
| committer | mergify[bot] <37929162+mergify[bot]@users.noreply.github.com> | 2020-02-19 14:08:23 +0000 |
| commit | c230c002accc4281ccc57bba7153a9b2d9b9ccd3 (patch) | |
| tree | dc8152edd8767ecac2494c162d549094966b6a5c | |
| parent | b1c11470598416c89c67b75c991fd0773bcbab9d (diff) | |
| download | edk2-c230c002accc4281ccc57bba7153a9b2d9b9ccd3.tar.gz | |
SecurityPkg/DxeImageVerificationLib: change IsCertHashFoundInDatabase name (CVE-2019-14575)
IsCertHashFoundInDatabase() is actually used only for searching dbx,
according to the function logic, its comments and its use cases. Changing
it to IsCertHashFoundInDbx to avoid confusion.
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1608
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Chao Zhang <chao.b.zhang@intel.com>
Signed-off-by: Jian J Wang <jian.j.wang@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
| -rw-r--r-- | SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c index 0e1587bc3c..b7fa8ea8c5 100644 --- a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c +++ b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c @@ -829,7 +829,7 @@ AddImageExeInfo ( **/
EFI_STATUS
-IsCertHashFoundInDatabase (
+IsCertHashFoundInDbx (
IN UINT8 *Certificate,
IN UINTN CertSize,
IN EFI_SIGNATURE_LIST *SignatureList,
@@ -1362,7 +1362,7 @@ IsForbiddenByDbx ( //
CertPtr = CertPtr + sizeof (UINT32) + CertSize;
- Status = IsCertHashFoundInDatabase (Cert, CertSize, (EFI_SIGNATURE_LIST *)Data, DataSize, &RevocationTime, &IsFound);
+ Status = IsCertHashFoundInDbx (Cert, CertSize, (EFI_SIGNATURE_LIST *)Data, DataSize, &RevocationTime, &IsFound);
if (EFI_ERROR (Status)) {
//
// Error in searching dbx. Consider it as 'found'. RevocationTime might
@@ -1528,7 +1528,7 @@ IsAllowedByDb ( //
// Here We still need to check if this RootCert's Hash is revoked
//
- Status = IsCertHashFoundInDatabase (RootCert, RootCertSize, (EFI_SIGNATURE_LIST *)DbxData, DbxDataSize, &RevocationTime, &IsFound);
+ Status = IsCertHashFoundInDbx (RootCert, RootCertSize, (EFI_SIGNATURE_LIST *)DbxData, DbxDataSize, &RevocationTime, &IsFound);
if (EFI_ERROR (Status)) {
//
// Error in searching dbx. Consider it as 'found'. RevocationTime might
|