import shim-unsigned-x64-15-9.el8
This commit is contained in:
parent
90b875047d
commit
38ad50963b
122
SOURCES/0064-Fix-some-mokmanager-deletion-paths.patch
Normal file
122
SOURCES/0064-Fix-some-mokmanager-deletion-paths.patch
Normal file
@ -0,0 +1,122 @@
|
||||
From 18843127dc0eace16d43d479bd091e221e8785c4 Mon Sep 17 00:00:00 2001
|
||||
From: Peter Jones <pjones@redhat.com>
|
||||
Date: Mon, 17 Aug 2020 15:47:19 -0400
|
||||
Subject: [PATCH] Fix some mokmanager deletion paths
|
||||
|
||||
This fixes several codepaths where MokList and MokListX are supposed to
|
||||
be deleted, but are not. It also adds debug logging to much of the
|
||||
deletion codepath.
|
||||
|
||||
---
|
||||
MokManager.c | 24 +++++++++++++++++++++++-
|
||||
Makefile | 2 +-
|
||||
2 files changed, 24 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/MokManager.c b/MokManager.c
|
||||
index c9949e33bcf..9bae3414fe7 100644
|
||||
--- a/MokManager.c
|
||||
+++ b/MokManager.c
|
||||
@@ -9,6 +9,8 @@
|
||||
|
||||
#include "shim.h"
|
||||
|
||||
+#include "hexdump.h"
|
||||
+
|
||||
#define PASSWORD_MAX 256
|
||||
#define PASSWORD_MIN 1
|
||||
#define SB_PASSWORD_LEN 16
|
||||
@@ -1050,9 +1052,11 @@ static EFI_STATUS mok_reset_prompt(BOOLEAN MokX)
|
||||
if (MokX) {
|
||||
LibDeleteVariable(L"MokXNew", &SHIM_LOCK_GUID);
|
||||
LibDeleteVariable(L"MokXAuth", &SHIM_LOCK_GUID);
|
||||
+ LibDeleteVariable(L"MokListX", &SHIM_LOCK_GUID);
|
||||
} else {
|
||||
LibDeleteVariable(L"MokNew", &SHIM_LOCK_GUID);
|
||||
LibDeleteVariable(L"MokAuth", &SHIM_LOCK_GUID);
|
||||
+ LibDeleteVariable(L"MokList", &SHIM_LOCK_GUID);
|
||||
}
|
||||
|
||||
return EFI_SUCCESS;
|
||||
@@ -1075,6 +1079,7 @@ static EFI_STATUS write_back_mok_list(MokListNode * list, INTN key_num,
|
||||
else
|
||||
db_name = L"MokList";
|
||||
|
||||
+ dprint(L"Writing back %s (%d entries)\n", db_name, key_num);
|
||||
for (i = 0; i < key_num; i++) {
|
||||
if (list[i].Mok == NULL)
|
||||
continue;
|
||||
@@ -1085,8 +1090,15 @@ static EFI_STATUS write_back_mok_list(MokListNode * list, INTN key_num,
|
||||
DataSize += sizeof(EFI_GUID);
|
||||
DataSize += list[i].MokSize;
|
||||
}
|
||||
- if (DataSize == 0)
|
||||
+ if (DataSize == 0) {
|
||||
+ dprint(L"DataSize = 0; deleting variable %s\n", db_name);
|
||||
+ efi_status = gRT->SetVariable(db_name, &SHIM_LOCK_GUID,
|
||||
+ EFI_VARIABLE_NON_VOLATILE |
|
||||
+ EFI_VARIABLE_BOOTSERVICE_ACCESS,
|
||||
+ DataSize, Data);
|
||||
+ dprint(L"efi_status:%llu\n", efi_status);
|
||||
return EFI_SUCCESS;
|
||||
+ }
|
||||
|
||||
Data = AllocatePool(DataSize);
|
||||
if (Data == NULL)
|
||||
@@ -1291,11 +1303,15 @@ static EFI_STATUS delete_keys(void *MokDel, UINTN MokDelSize, BOOLEAN MokX)
|
||||
}
|
||||
|
||||
if (auth_size == PASSWORD_CRYPT_SIZE) {
|
||||
+ dprint(L"matching password with CRYPT");
|
||||
efi_status = match_password((PASSWORD_CRYPT *) auth, NULL, 0,
|
||||
NULL, NULL);
|
||||
+ dprint(L"match_password(0x%llx, NULL, 0, NULL, NULL) = %lu\n", auth, efi_status);
|
||||
} else {
|
||||
+ dprint(L"matching password as sha256sum");
|
||||
efi_status =
|
||||
match_password(NULL, MokDel, MokDelSize, auth, NULL);
|
||||
+ dprint(L"match_password(NULL, 0x%llx, %llu, 0x%llx, NULL) = %lu\n", MokDel, MokDelSize, auth, efi_status);
|
||||
}
|
||||
if (EFI_ERROR(efi_status))
|
||||
return EFI_ACCESS_DENIED;
|
||||
@@ -1365,12 +1381,17 @@ static EFI_STATUS delete_keys(void *MokDel, UINTN MokDelSize, BOOLEAN MokX)
|
||||
}
|
||||
|
||||
/* Search and destroy */
|
||||
+ dprint(L"deleting certs from %a\n", MokX ? "MokListX" : "MokList");
|
||||
for (i = 0; i < del_num; i++) {
|
||||
type = del_key[i].Type; /* avoid -Werror=address-of-packed-member */
|
||||
if (CompareGuid(&type, &X509_GUID) == 0) {
|
||||
+ dprint(L"deleting key %d (total %d):\n", i, mok_num);
|
||||
+ dhexdumpat(del_key[i].Mok, del_key[i].MokSize, 0);
|
||||
delete_cert(del_key[i].Mok, del_key[i].MokSize,
|
||||
mok, mok_num);
|
||||
} else if (is_sha2_hash(del_key[i].Type)) {
|
||||
+ dprint(L"deleting hash %d (total %d):\n", i, mok_num);
|
||||
+ dhexdumpat(del_key[i].Mok, del_key[i].MokSize, 0);
|
||||
delete_hash_list(del_key[i].Type, del_key[i].Mok,
|
||||
del_key[i].MokSize, mok, mok_num);
|
||||
}
|
||||
@@ -2564,6 +2585,7 @@ EFI_STATUS efi_main(EFI_HANDLE image_handle, EFI_SYSTEM_TABLE * systab)
|
||||
|
||||
InitializeLib(image_handle, systab);
|
||||
|
||||
+ setup_verbosity();
|
||||
setup_rand();
|
||||
|
||||
console_mode_handle();
|
||||
diff --git a/Makefile b/Makefile
|
||||
index 49e14a26521..a17fa2bef14 100644
|
||||
--- a/Makefile
|
||||
+++ b/Makefile
|
||||
@@ -36,7 +36,7 @@ endif
|
||||
OBJS = shim.o mok.o netboot.o cert.o replacements.o tpm.o version.o errlog.o
|
||||
KEYS = shim_cert.h ocsp.* ca.* shim.crt shim.csr shim.p12 shim.pem shim.key shim.cer
|
||||
ORIG_SOURCES = shim.c mok.c netboot.c replacements.c tpm.c errlog.c shim.h version.h $(wildcard include/*.h)
|
||||
-MOK_OBJS = MokManager.o PasswordCrypt.o crypt_blowfish.o
|
||||
+MOK_OBJS = MokManager.o PasswordCrypt.o crypt_blowfish.o errlog.o
|
||||
ORIG_MOK_SOURCES = MokManager.c PasswordCrypt.c crypt_blowfish.c shim.h $(wildcard include/*.h)
|
||||
FALLBACK_OBJS = fallback.o tpm.o errlog.o
|
||||
ORIG_FALLBACK_SRCS = fallback.c
|
||||
--
|
||||
2.26.2
|
||||
|
@ -0,0 +1,37 @@
|
||||
From ac610fe45491deccaab2c4ee689cbbdac117930a Mon Sep 17 00:00:00 2001
|
||||
From: Javier Martinez Canillas <javierm@redhat.com>
|
||||
Date: Tue, 8 Sep 2020 12:26:45 +0200
|
||||
Subject: [PATCH] Fix buffer overrun due DEFAULT_LOADER length miscalculation
|
||||
|
||||
The DEFAULT_LOADER is a UCS-2 string and the StrLen() function returns the
|
||||
number of UCS-2 encoded characters in the string. But the allocated memory
|
||||
is in bytes, so only half of the needed memory to store it is allocated.
|
||||
|
||||
This leads to a buffer overrun when the StrCpy() function attempts to copy
|
||||
the DEFAULT_LOADER to the allocated buffer.
|
||||
|
||||
Fixes: 354bd9b1931 ("Actually check for errors from set_second_stage()")
|
||||
Reported-by: Stuart Hayes <stuart_hayes@dell.com>
|
||||
Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
|
||||
---
|
||||
shim.c | 3 ++-
|
||||
1 file changed, 2 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/shim.c b/shim.c
|
||||
index 34dce25c330..82913c934f6 100644
|
||||
--- a/shim.c
|
||||
+++ b/shim.c
|
||||
@@ -2096,8 +2096,9 @@ EFI_STATUS set_second_stage (EFI_HANDLE image_handle)
|
||||
unsigned int i;
|
||||
UINTN second_stage_len;
|
||||
|
||||
- second_stage_len = StrLen(DEFAULT_LOADER) + 1;
|
||||
+ second_stage_len = (StrLen(DEFAULT_LOADER) + 1) * sizeof(CHAR16);
|
||||
second_stage = AllocatePool(second_stage_len);
|
||||
+
|
||||
if (!second_stage) {
|
||||
perror(L"Could not allocate %lu bytes\n", second_stage_len);
|
||||
return EFI_OUT_OF_RESOURCES;
|
||||
--
|
||||
2.28.0
|
||||
|
@ -18,7 +18,7 @@
|
||||
|
||||
Name: shim-unsigned-%{efiarch}
|
||||
Version: 15
|
||||
Release: 8.el8
|
||||
Release: 9.el8
|
||||
Summary: First-stage UEFI bootloader
|
||||
ExclusiveArch: x86_64
|
||||
License: BSD
|
||||
@ -94,6 +94,8 @@ Patch0060: 0060-Improve-debug-output-some.patch
|
||||
Patch0061: 0061-Also-use-a-config-table-to-mirror-mok-variables.patch
|
||||
Patch0062: 0062-Implement-lennysz-s-suggestions-for-MokListRT.patch
|
||||
Patch0063: 0063-hexdump.h-fix-arithmetic-error.patch
|
||||
Patch0064: 0064-Fix-some-mokmanager-deletion-paths.patch
|
||||
Patch0065: 0065-Fix-buffer-overrun-due-DEFAULT_LOADER-length-miscalc.patch
|
||||
|
||||
BuildRequires: elfutils-libelf-devel
|
||||
BuildRequires: git openssl-devel openssl
|
||||
@ -231,6 +233,10 @@ cd ..
|
||||
%files debugsource -f build-%{efiarch}/debugsource.list
|
||||
|
||||
%changelog
|
||||
* Thu Sep 17 2020 Peter Jones <pjones@redhat.com> - 15-9.el8
|
||||
- Fix an incorrect allocation size.
|
||||
Related: rhbz#1877253
|
||||
|
||||
* Thu Jul 30 2020 Peter Jones <pjones@redhat.com> - 15-8
|
||||
- Fix a load-address-dependent forever loop.
|
||||
Resolves: rhbz#1861977
|
||||
|
Loading…
Reference in New Issue
Block a user