Overview

File shim-bsc1177789-fix-null-pointer-deref-AuthenticodeVerify.patch of Package shim

From 928984f771e27d0a64def166bbc5137ce1859fe8 Mon Sep 17 00:00:00 2001
From: Gary Lin <glin@suse.com>
Date: Fri, 16 Oct 2020 15:24:44 +0800
Subject: [PATCH] Cryptlib/CryptAuthenticode: fix NULL pointer dereference in
 AuthenticodeVerify()

Merge the fix from edk2 upstream:
https://bugzilla.tianocore.org/show_bug.cgi?id=1914
https://edk2.groups.io/g/devel/message/66309

Signed-off-by: Gary Lin <glin@suse.com>
---
 Cryptlib/Pk/CryptAuthenticode.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Cryptlib/Pk/CryptAuthenticode.c b/Cryptlib/Pk/CryptAuthenticode.c
index 74e50a2..faa1efd 100644
--- a/Cryptlib/Pk/CryptAuthenticode.c
+++ b/Cryptlib/Pk/CryptAuthenticode.c
@@ -106,7 +106,7 @@ AuthenticodeVerify (
   //
   // Check if it's PKCS#7 Signed Data (for Authenticode Scenario)
   //
-  if (!PKCS7_type_is_signed (Pkcs7)) {
+  if (!PKCS7_type_is_signed (Pkcs7) || PKCS7_get_detached (Pkcs7)) {
     goto _Exit;
   }
 
-- 
2.28.0
openSUSE Build Service is sponsored by
Places