import shim-unsigned-x64-15-9.el8

This commit is contained in:
CentOS Sources 2020-11-03 06:52:53 -05:00 committed by Andrew Lukoshko
parent 90b875047d
commit 38ad50963b
3 changed files with 166 additions and 1 deletions

View File

@ -0,0 +1,122 @@
From 18843127dc0eace16d43d479bd091e221e8785c4 Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com>
Date: Mon, 17 Aug 2020 15:47:19 -0400
Subject: [PATCH] Fix some mokmanager deletion paths
This fixes several codepaths where MokList and MokListX are supposed to
be deleted, but are not. It also adds debug logging to much of the
deletion codepath.
---
MokManager.c | 24 +++++++++++++++++++++++-
Makefile | 2 +-
2 files changed, 24 insertions(+), 2 deletions(-)
diff --git a/MokManager.c b/MokManager.c
index c9949e33bcf..9bae3414fe7 100644
--- a/MokManager.c
+++ b/MokManager.c
@@ -9,6 +9,8 @@
#include "shim.h"
+#include "hexdump.h"
+
#define PASSWORD_MAX 256
#define PASSWORD_MIN 1
#define SB_PASSWORD_LEN 16
@@ -1050,9 +1052,11 @@ static EFI_STATUS mok_reset_prompt(BOOLEAN MokX)
if (MokX) {
LibDeleteVariable(L"MokXNew", &SHIM_LOCK_GUID);
LibDeleteVariable(L"MokXAuth", &SHIM_LOCK_GUID);
+ LibDeleteVariable(L"MokListX", &SHIM_LOCK_GUID);
} else {
LibDeleteVariable(L"MokNew", &SHIM_LOCK_GUID);
LibDeleteVariable(L"MokAuth", &SHIM_LOCK_GUID);
+ LibDeleteVariable(L"MokList", &SHIM_LOCK_GUID);
}
return EFI_SUCCESS;
@@ -1075,6 +1079,7 @@ static EFI_STATUS write_back_mok_list(MokListNode * list, INTN key_num,
else
db_name = L"MokList";
+ dprint(L"Writing back %s (%d entries)\n", db_name, key_num);
for (i = 0; i < key_num; i++) {
if (list[i].Mok == NULL)
continue;
@@ -1085,8 +1090,15 @@ static EFI_STATUS write_back_mok_list(MokListNode * list, INTN key_num,
DataSize += sizeof(EFI_GUID);
DataSize += list[i].MokSize;
}
- if (DataSize == 0)
+ if (DataSize == 0) {
+ dprint(L"DataSize = 0; deleting variable %s\n", db_name);
+ efi_status = gRT->SetVariable(db_name, &SHIM_LOCK_GUID,
+ EFI_VARIABLE_NON_VOLATILE |
+ EFI_VARIABLE_BOOTSERVICE_ACCESS,
+ DataSize, Data);
+ dprint(L"efi_status:%llu\n", efi_status);
return EFI_SUCCESS;
+ }
Data = AllocatePool(DataSize);
if (Data == NULL)
@@ -1291,11 +1303,15 @@ static EFI_STATUS delete_keys(void *MokDel, UINTN MokDelSize, BOOLEAN MokX)
}
if (auth_size == PASSWORD_CRYPT_SIZE) {
+ dprint(L"matching password with CRYPT");
efi_status = match_password((PASSWORD_CRYPT *) auth, NULL, 0,
NULL, NULL);
+ dprint(L"match_password(0x%llx, NULL, 0, NULL, NULL) = %lu\n", auth, efi_status);
} else {
+ dprint(L"matching password as sha256sum");
efi_status =
match_password(NULL, MokDel, MokDelSize, auth, NULL);
+ dprint(L"match_password(NULL, 0x%llx, %llu, 0x%llx, NULL) = %lu\n", MokDel, MokDelSize, auth, efi_status);
}
if (EFI_ERROR(efi_status))
return EFI_ACCESS_DENIED;
@@ -1365,12 +1381,17 @@ static EFI_STATUS delete_keys(void *MokDel, UINTN MokDelSize, BOOLEAN MokX)
}
/* Search and destroy */
+ dprint(L"deleting certs from %a\n", MokX ? "MokListX" : "MokList");
for (i = 0; i < del_num; i++) {
type = del_key[i].Type; /* avoid -Werror=address-of-packed-member */
if (CompareGuid(&type, &X509_GUID) == 0) {
+ dprint(L"deleting key %d (total %d):\n", i, mok_num);
+ dhexdumpat(del_key[i].Mok, del_key[i].MokSize, 0);
delete_cert(del_key[i].Mok, del_key[i].MokSize,
mok, mok_num);
} else if (is_sha2_hash(del_key[i].Type)) {
+ dprint(L"deleting hash %d (total %d):\n", i, mok_num);
+ dhexdumpat(del_key[i].Mok, del_key[i].MokSize, 0);
delete_hash_list(del_key[i].Type, del_key[i].Mok,
del_key[i].MokSize, mok, mok_num);
}
@@ -2564,6 +2585,7 @@ EFI_STATUS efi_main(EFI_HANDLE image_handle, EFI_SYSTEM_TABLE * systab)
InitializeLib(image_handle, systab);
+ setup_verbosity();
setup_rand();
console_mode_handle();
diff --git a/Makefile b/Makefile
index 49e14a26521..a17fa2bef14 100644
--- a/Makefile
+++ b/Makefile
@@ -36,7 +36,7 @@ endif
OBJS = shim.o mok.o netboot.o cert.o replacements.o tpm.o version.o errlog.o
KEYS = shim_cert.h ocsp.* ca.* shim.crt shim.csr shim.p12 shim.pem shim.key shim.cer
ORIG_SOURCES = shim.c mok.c netboot.c replacements.c tpm.c errlog.c shim.h version.h $(wildcard include/*.h)
-MOK_OBJS = MokManager.o PasswordCrypt.o crypt_blowfish.o
+MOK_OBJS = MokManager.o PasswordCrypt.o crypt_blowfish.o errlog.o
ORIG_MOK_SOURCES = MokManager.c PasswordCrypt.c crypt_blowfish.c shim.h $(wildcard include/*.h)
FALLBACK_OBJS = fallback.o tpm.o errlog.o
ORIG_FALLBACK_SRCS = fallback.c
--
2.26.2

View File

@ -0,0 +1,37 @@
From ac610fe45491deccaab2c4ee689cbbdac117930a Mon Sep 17 00:00:00 2001
From: Javier Martinez Canillas <javierm@redhat.com>
Date: Tue, 8 Sep 2020 12:26:45 +0200
Subject: [PATCH] Fix buffer overrun due DEFAULT_LOADER length miscalculation
The DEFAULT_LOADER is a UCS-2 string and the StrLen() function returns the
number of UCS-2 encoded characters in the string. But the allocated memory
is in bytes, so only half of the needed memory to store it is allocated.
This leads to a buffer overrun when the StrCpy() function attempts to copy
the DEFAULT_LOADER to the allocated buffer.
Fixes: 354bd9b1931 ("Actually check for errors from set_second_stage()")
Reported-by: Stuart Hayes <stuart_hayes@dell.com>
Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
---
shim.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/shim.c b/shim.c
index 34dce25c330..82913c934f6 100644
--- a/shim.c
+++ b/shim.c
@@ -2096,8 +2096,9 @@ EFI_STATUS set_second_stage (EFI_HANDLE image_handle)
unsigned int i;
UINTN second_stage_len;
- second_stage_len = StrLen(DEFAULT_LOADER) + 1;
+ second_stage_len = (StrLen(DEFAULT_LOADER) + 1) * sizeof(CHAR16);
second_stage = AllocatePool(second_stage_len);
+
if (!second_stage) {
perror(L"Could not allocate %lu bytes\n", second_stage_len);
return EFI_OUT_OF_RESOURCES;
--
2.28.0

View File

@ -18,7 +18,7 @@
Name: shim-unsigned-%{efiarch}
Version: 15
Release: 8.el8
Release: 9.el8
Summary: First-stage UEFI bootloader
ExclusiveArch: x86_64
License: BSD
@ -94,6 +94,8 @@ Patch0060: 0060-Improve-debug-output-some.patch
Patch0061: 0061-Also-use-a-config-table-to-mirror-mok-variables.patch
Patch0062: 0062-Implement-lennysz-s-suggestions-for-MokListRT.patch
Patch0063: 0063-hexdump.h-fix-arithmetic-error.patch
Patch0064: 0064-Fix-some-mokmanager-deletion-paths.patch
Patch0065: 0065-Fix-buffer-overrun-due-DEFAULT_LOADER-length-miscalc.patch
BuildRequires: elfutils-libelf-devel
BuildRequires: git openssl-devel openssl
@ -231,6 +233,10 @@ cd ..
%files debugsource -f build-%{efiarch}/debugsource.list
%changelog
* Thu Sep 17 2020 Peter Jones <pjones@redhat.com> - 15-9.el8
- Fix an incorrect allocation size.
Related: rhbz#1877253
* Thu Jul 30 2020 Peter Jones <pjones@redhat.com> - 15-8
- Fix a load-address-dependent forever loop.
Resolves: rhbz#1861977