import dbxtool-8-5.el8_3.2

This commit is contained in:
CentOS Sources 2021-03-30 08:21:00 -04:00 committed by Stepan Oksanichenko
parent 1a582868b4
commit 8612cdfb5f
2 changed files with 81 additions and 1 deletions

View File

@ -0,0 +1,70 @@
From 50b302ea7b6bd41c38d50b2af9d89af5f715068a Mon Sep 17 00:00:00 2001
From: Laszlo Ersek <lersek@redhat.com>
Date: Wed, 16 May 2018 14:06:48 +0200
Subject: [PATCH] fix relop in esl_iter_next()
esl_iter_next() seeks to the next EFI_SIGNATURE_LIST object in the
signature database that's being processed.
- The position of the current (just processed) EFI_SIGNATURE_LIST object
in the signature database is "iter->offset".
- The size of the same is in "iter->esl->SignatureListSize".
- The size of the whole signature dabatase (containing the current
EFI_SIGNATURE_LIST) is in "iter->len".
Thus, we need to advance "iter->offset" by "iter->esl->SignatureListSize",
to reach the next EFI_SIGNATURE_LIST object.
While advancing, we must not exceed the whole signature database. In other
words, the (exclusive) end of the just processed EFI_SIGNATURE_LIST object
is required to precede, or equal, the (exclusive) end of the signature
database. Hence the "good" condition is:
iter->offset + iter->esl->SignatureListSize <= iter->len
The "bad" condition is the negation of the above:
iter->offset + iter->esl->SignatureListSize > iter->len
Because we don't trust "iter->esl->SignatureListSize" (since that was
simply read from the binary blob, not computed by ourselves), we don't
want to add to it or subtract from it (integer overflow!), we just want to
use it naked for comparison. So we subtract "iter->offset" from both
sides: "iter->offset" and "iter->len" are known-good because we've checked
and computed them all along, so we can perform integer operations on them.
After the subtraction, we have the following condition for *bad*:
iter->esl->SignatureListSize > iter->len - iter->offset
Another way to put the same condition, for *bad*, is to swing the sides
around the relop (giving a spin to the relop as well):
iter->len - iter->offset < iter->esl->SignatureListSize
The controlling expression in esl_iter_next() is just this, except for the
typo in the relational operator. Fix it.
Ref: https://bugzilla.redhat.com/show_bug.cgi?id=1508808
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
---
src/iter.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/iter.c b/src/iter.c
index 45ee059e74c..f19166ab276 100644
--- a/src/iter.c
+++ b/src/iter.c
@@ -222,7 +222,7 @@ esl_iter_next(esl_iter *iter, efi_guid_t *type,
vprintf("Getting next EFI_SIGNATURE_LIST\n");
efi_guid_t type;
esl_get_type(iter, &type);
- if (iter->len - iter->offset > iter->esl->SignatureListSize) {
+ if (iter->len - iter->offset < iter->esl->SignatureListSize) {
warnx("EFI Signature List is malformed");
errx(1, "list has %zd bytes left, element is %"PRIu32" bytes",
iter->len - iter->offset,
--
2.29.2

View File

@ -1,6 +1,6 @@
Name: dbxtool Name: dbxtool
Version: 8 Version: 8
Release: 5%{?dist} Release: 5%{?dist}.2
Summary: Secure Boot DBX updater Summary: Secure Boot DBX updater
License: GPLv2 License: GPLv2
URL: https://github.com/vathpela/dbxtool URL: https://github.com/vathpela/dbxtool
@ -14,6 +14,7 @@ Source0: https://github.com/vathpela/dbxtool/releases/download/dbxtool-%{
Patch0000: %{name}-8-ccldflags.patch Patch0000: %{name}-8-ccldflags.patch
Patch0001: 0001-don-t-use-f-in-dbxtool.service.patch Patch0001: 0001-don-t-use-f-in-dbxtool.service.patch
Patch0002: 0002-Make-quiet-exit-on-missing-PK-KEK-not-return-error-s.patch Patch0002: 0002-Make-quiet-exit-on-missing-PK-KEK-not-return-error-s.patch
Patch0003: 0003-fix-relop-in-esl_iter_next.patch
%description %description
This package contains DBX updates for UEFI Secure Boot. This package contains DBX updates for UEFI Secure Boot.
@ -55,6 +56,15 @@ rm -f %{buildroot}/%{_docdir}/%{name}/COPYING
%{_unitdir}/dbxtool.service %{_unitdir}/dbxtool.service
%changelog %changelog
* Wed Jan 20 2021 Jan Hlavac <jhlavac@redhat.com> - 8-5.el8_3.2
- Enable manual gating
Related: rhbz#1681753
Related: rhbz#1912474
* Fri Jan 15 2021 Javier Martinez Canillas <javierm@redhat.com> - 8-5.el8_3.1
- Fix 'EFI Signature List is malformed' error (lersek)
Resolves: rhbz#1912474
* Thu Apr 12 2018 Petr Šabata <contyk@redhat.com> - 8-5 * Thu Apr 12 2018 Petr Šabata <contyk@redhat.com> - 8-5
- Fix build flags injection (rhbz#1548123) - Fix build flags injection (rhbz#1548123)