sbsiglist: fix signature size check
Rather than checking the size with the EFI_SIGNATURE_DATA header, just check the data len. Also, fix the definition for the SHA256 size. Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
This commit is contained in:
parent
fd553e841a
commit
a7228c8307
1 changed files with 2 additions and 3 deletions
|
@ -85,7 +85,7 @@ struct cert_type {
|
||||||
|
|
||||||
struct cert_type cert_types[] = {
|
struct cert_type cert_types[] = {
|
||||||
{ "x509", EFI_CERT_X509_GUID, 0 },
|
{ "x509", EFI_CERT_X509_GUID, 0 },
|
||||||
{ "sha256", EFI_CERT_SHA256_GUID, sizeof(EFI_SIGNATURE_DATA) + 16 },
|
{ "sha256", EFI_CERT_SHA256_GUID, 32 },
|
||||||
};
|
};
|
||||||
|
|
||||||
struct siglist_context {
|
struct siglist_context {
|
||||||
|
@ -132,8 +132,7 @@ static int siglist_create(struct siglist_context *ctx)
|
||||||
EFI_SIGNATURE_DATA *sigdata;
|
EFI_SIGNATURE_DATA *sigdata;
|
||||||
uint32_t size;
|
uint32_t size;
|
||||||
|
|
||||||
if (ctx->type->sigsize && ctx->data_len + sizeof(*sigdata)
|
if (ctx->type->sigsize && ctx->data_len != ctx->type->sigsize) {
|
||||||
!= ctx->type->sigsize) {
|
|
||||||
fprintf(stderr, "Error: signature lists of type '%s' expect "
|
fprintf(stderr, "Error: signature lists of type '%s' expect "
|
||||||
"%d bytes of data, "
|
"%d bytes of data, "
|
||||||
"%zd bytes provided.\n",
|
"%zd bytes provided.\n",
|
||||||
|
|
Loading…
Reference in a new issue