sbsigntool fix (was Re: [PATCH] Fix PE/COFF checksum calculation)
Steve McIntyre
steve at einval.com
Thu Jun 13 13:53:24 BST 2019
Sharing with others too. No idea if James is having mail problems or
something...
On Mon, Apr 29, 2019 at 03:55:10PM +0100, Steve McIntyre wrote:
>Hi James!
>
>Not had a response yet, I guess you're busy. Would a mailing list
>somewhere be better for this?
>
>On Fri, Apr 19, 2019 at 11:14:46PM +0100, Steve McIntyre wrote:
>>Hi James,
>>
>>Only count the cert_table header once when performing the calculation
>>and counting buffer sizes.
>>
>>Signed-off-by: Steve McIntyre <93sam at debian.org>
>>---
>> src/image.c | 6 +-----
>> 1 file changed, 1 insertion(+), 5 deletions(-)
>>
>>diff --git a/src/image.c b/src/image.c
>>index 745191f..3ada37b 100644
>>--- a/src/image.c
>>+++ b/src/image.c
>>@@ -162,7 +162,6 @@ static void image_pecoff_update_checksum(struct image *image)
>> {
>> bool is_signed = image->sigsize && image->sigbuf;
>> uint32_t checksum;
>>- struct cert_table_header *cert_table = image->cert_table;
>>
>> /* We carefully only include the signature data in the checksum (and
>> * in the file length) if we're outputting the signature. Otherwise,
>>@@ -180,16 +179,13 @@ static void image_pecoff_update_checksum(struct image *image)
>> (void *)(image->checksum + 1));
>>
>> if (is_signed) {
>>- checksum = csum_bytes(checksum,
>>- cert_table, sizeof(*cert_table));
>>-
>> checksum = csum_bytes(checksum, image->sigbuf, image->sigsize);
>> }
>>
>> checksum += image->data_size;
>>
>> if (is_signed)
>>- checksum += sizeof(*cert_table) + image->sigsize;
>>+ checksum += image->sigsize;
>>
>> *(image->checksum) = cpu_to_le32(checksum);
>> }
>>--
>>2.20.1
>>
>>
>--
>Steve McIntyre, Cambridge, UK. steve at einval.com
>Is there anybody out there?
--
Steve McIntyre, Cambridge, UK. steve at einval.com
Into the distance, a ribbon of black
Stretched to the point of no turning back
More information about the Efi
mailing list