Skip to content

MokManager: remove redundant logical constraints #409

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Jan 17, 2025
Merged

MokManager: remove redundant logical constraints #409

merged 1 commit into from
Jan 17, 2025

Conversation

@xypron
Copy link
Contributor

@xypron xypron commented Sep 3, 2021

CertList->SignatureSize is of type UINT32 which is always positive.

If CertList->SignatureListSize == 0, then
CertList->SignatureListSize <= CertList->SignatureSize
is also true.

Remove the redundant CertList->SignatureListSize == 0 checks.

A message "Corrupted signature list" is better suited then
"Invalid MOK detected! Ignoring MOK List." in this case.

Signed-off-by: Heinrich Schuchardt heinrich.schuchardt@canonical.com

@xypron
MokManager: remove redundant logical constraints
e75f65e 
CertList->SignatureSize is of type UINT32 which is always positive.

If CertList->SignatureListSize == 0, then
CertList->SignatureListSize <= CertList->SignatureSize
is also true.

Remove the redundant CertList->SignatureListSize == 0 checks.

A message "Corrupted signature list" is better suited then
"Invalid MOK detected! Ignoring MOK List." in this case.

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
@julian-klode
Copy link
Collaborator

julian-klode commented Sep 7, 2021
edited
Loading

While we're at it, (void *)(CertList + 1) > end seems to be undefined behavior if it is true (CertList + 1 being out of bounds), it should be end - (void*)CertList < 1. Ah but well, types and sizes, < sizeof(*CertList).

@xypron
Copy link
Contributor Author

xypron commented Sep 7, 2021

@julian-klode:

(void *)(CertList + 1) > end checks that a complete entry with the same type as CertList is inside the memory area ending at pointer end and can be safely processed. The check that you propose would only require a single first byte to be available.

If you don't see anything wrong with the current patch, please, add your approval.

@vathpela vathpela merged commit b560c52 into rhboot:main Jan 17, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@frozencemetery frozencemetery frozencemetery approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@xypron @julian-klode @frozencemetery @vathpela