import dbxtool-8-5.el8_3.2
parent 1a582868b4
commit 8612cdfb5f

SOURCES/0003-fix-relop-in-esl_iter_next.patch
Normal file
@ -0,0 +1,70 @@
From 50b302ea7b6bd41c38d50b2af9d89af5f715068a Mon Sep 17 00:00:00 2001
From: Laszlo Ersek <lersek@redhat.com>
Date: Wed, 16 May 2018 14:06:48 +0200
Subject: [PATCH] fix relop in esl_iter_next()
esl_iter_next() seeks to the next EFI_SIGNATURE_LIST object in the
signature database that's being processed.
- The position of the current (just processed) EFI_SIGNATURE_LIST object
in the signature database is "iter->offset".
- The size of the same is in "iter->esl->SignatureListSize".
- The size of the whole signature dabatase (containing the current
EFI_SIGNATURE_LIST) is in "iter->len".
Thus, we need to advance "iter->offset" by "iter->esl->SignatureListSize",
to reach the next EFI_SIGNATURE_LIST object.
While advancing, we must not exceed the whole signature database. In other
words, the (exclusive) end of the just processed EFI_SIGNATURE_LIST object
is required to precede, or equal, the (exclusive) end of the signature
database. Hence the "good" condition is:
iter->offset + iter->esl->SignatureListSize <= iter->len
The "bad" condition is the negation of the above:
iter->offset + iter->esl->SignatureListSize > iter->len
Because we don't trust "iter->esl->SignatureListSize" (since that was
simply read from the binary blob, not computed by ourselves), we don't
want to add to it or subtract from it (integer overflow!), we just want to
use it naked for comparison. So we subtract "iter->offset" from both
sides: "iter->offset" and "iter->len" are known-good because we've checked
and computed them all along, so we can perform integer operations on them.
After the subtraction, we have the following condition for *bad*:
iter->esl->SignatureListSize > iter->len - iter->offset
Another way to put the same condition, for *bad*, is to swing the sides
around the relop (giving a spin to the relop as well):
iter->len - iter->offset < iter->esl->SignatureListSize
The controlling expression in esl_iter_next() is just this, except for the
typo in the relational operator. Fix it.
Ref: https://bugzilla.redhat.com/show_bug.cgi?id=1508808
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
---
src/iter.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/iter.c b/src/iter.c
index 45ee059e74c..f19166ab276 100644
--- a/src/iter.c
+++ b/src/iter.c
@@ -222,7 +222,7 @@ esl_iter_next(esl_iter *iter, efi_guid_t *type,
vprintf("Getting next EFI_SIGNATURE_LIST\n");
efi_guid_t type;
esl_get_type(iter, &type);
- if (iter->len - iter->offset > iter->esl->SignatureListSize) {
+ if (iter->len - iter->offset < iter->esl->SignatureListSize) {
warnx("EFI Signature List is malformed");
errx(1, "list has %zd bytes left, element is %"PRIu32" bytes",
iter->len - iter->offset,
--
2.29.2
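
Review bot: The corrected test in esl_iter_next() still computes "iter->len - iter->offset" before comparing, so it is only sound if iter->offset <= iter->len already holds at this point. The commit message asserts that, but nothing in the visible lines enforces it, and if both fields are unsigned a wrapped difference would make the "<" test pass for any SignatureListSize. Consider asserting the invariant just above the "if", or naming in a comment where it is established. The check also bounds SignatureListSize only from above: since the iterator advances by that untrusted value, a size of zero (or one smaller than the list header) has to be rejected somewhere too, which this hunk does not show. Last, the errx() format prints the difference with "%zd"; if the operands are size_t, "%zu" is the matching conversion.
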
@ -1,6 +1,6 @@
Name: dbxtool
Version: 8
Release: 5%{?dist}
Release: 5%{?dist}.2
Summary: Secure Boot DBX updater
License: GPLv2
URL: https://github.com/vathpela/dbxtool
@ -14,6 +14,7 @@ Source0: https://github.com/vathpela/dbxtool/releases/download/dbxtool-%{
Patch0000: %{name}-8-ccldflags.patch
Patch0001: 0001-don-t-use-f-in-dbxtool.service.patch
Patch0002: 0002-Make-quiet-exit-on-missing-PK-KEK-not-return-error-s.patch
Patch0003: 0003-fix-relop-in-esl_iter_next.patch
%description
This package contains DBX updates for UEFI Secure Boot.
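
Review bot: Patch0003 is declared, but the %prep section is outside this diff, so it is not visible whether the patch is actually applied. If the spec applies patches with explicit %patch lines rather than %autosetup or %autopatch, a matching line for 0003 is needed, otherwise the build ships the old comparison. Please confirm against %prep.
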
@ -55,6 +56,15 @@ rm -f %{buildroot}/%{_docdir}/%{name}/COPYING
%{_unitdir}/dbxtool.service
%changelog
* Wed Jan 20 2021 Jan Hlavac <jhlavac@redhat.com> - 8-5.el8_3.2
- Enable manual gating
Related: rhbz#1681753
Related: rhbz#1912474
* Fri Jan 15 2021 Javier Martinez Canillas <javierm@redhat.com> - 8-5.el8_3.1
- Fix 'EFI Signature List is malformed' error (lersek)
Resolves: rhbz#1912474
* Thu Apr 12 2018 Petr Šabata <contyk@redhat.com> - 8-5
- Fix build flags injection (rhbz#1548123)
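
Review bot: The 8-5.el8_3.1 changelog entry describes the change only as fixing the 'EFI Signature List is malformed' error, which undersells it. With the old relop the size check in esl_iter_next() was inverted, so it also failed to reject a SignatureListSize larger than the bytes remaining in the database. Suggest wording the entry to say the bounds check was corrected, so anyone triaging rhbz#1912474 sees that it affects parsing of untrusted list sizes and not only a spurious error.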