blob: 19dc895b92dd824b57a8a3d1c483fa13938a227b (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
|
diff --git a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c
index b3be566..a2523f5 100644
--- a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c
+++ b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c
@@ -544,6 +544,18 @@ HashPeImage (
if (!Status) {
goto Done;
}
+ /*
+ * Problem: some unsigned PECOFF binaries don't always end on an aligned
+ * size. For this case, pad them with zeros up to the aligned size
+ */
+ if (ALIGN_SIZE(mImageSize)) {
+ UINT64 zerofill = 0;
+
+ Status = mHash[HashAlg].HashUpdate(HashCtx, &zerofill, ALIGN_SIZE(mImageSize));
+ if (!Status) {
+ goto Done;
+ }
+ }
} else if (mImageSize < CertSize + SumOfBytesHashed) {
Status = FALSE;
goto Done;
diff --git a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.h b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.h
index 55371e9..bdf27ac 100644
--- a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.h
+++ b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.h
@@ -43,6 +43,9 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
#define MAX_NOTIFY_STRING_LEN 64
#define TWO_BYTE_ENCODE 0x82
+#define ALIGNMENT_SIZE 8
+#define ALIGN_SIZE(a) (((a) % ALIGNMENT_SIZE) ? ALIGNMENT_SIZE - ((a) % ALIGNMENT_SIZE) : 0)
+
//
// Image type definitions
//
|
