efi_loader: add missing validation of timestamp The UEFI specification requires that when UEFI variables are set using time based authentication we have to check that unused fields of the timestamp are zero Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>

commit: 7a76a3fbe87db1b29e638fef6fe367c9e4ed5782 [log] [tgz]
author: Heinrich Schuchardt <xypron.glpk@gmx.de> Wed Jul 01 12:44:00 2020 +0200
committer: Heinrich Schuchardt <xypron.glpk@gmx.de> Fri Jul 03 18:03:41 2020 +0200
tree: bf18aa410f8092417033a9394b59d5d340d02b66
parent: e1eb319518c7f4dd46fb0cd33b88f0a9c92914d0 [diff] [blame]
diff --git a/lib/efi_loader/efi_variable.c b/lib/efi_loader/efi_variable.c
index 74a9c65..f9a0efd 100644
--- a/lib/efi_loader/efi_variable.c
+++ b/lib/efi_loader/efi_variable.c

@@ -481,11 +481,15 @@
 	if (guidcmp(&auth->auth_info.cert_type, &efi_guid_cert_type_pkcs7))
 		goto err;
 
+	memcpy(&timestamp, &auth->time_stamp, sizeof(timestamp));
+	if (timestamp.pad1 || timestamp.nanosecond || timestamp.timezone ||
+	    timestamp.daylight || timestamp.pad2)
+		goto err;
+
 	*data += sizeof(auth->time_stamp) + auth->auth_info.hdr.dwLength;
 	*data_size -= (sizeof(auth->time_stamp)
 				+ auth->auth_info.hdr.dwLength);
 
-	memcpy(&timestamp, &auth->time_stamp, sizeof(timestamp));
 	memset(&tm, 0, sizeof(tm));
 	tm.tm_year = timestamp.year;
 	tm.tm_mon = timestamp.month;
commit	7a76a3fbe87db1b29e638fef6fe367c9e4ed5782	[log] [tgz]
author	Heinrich Schuchardt <xypron.glpk@gmx.de>	Wed Jul 01 12:44:00 2020 +0200
committer	Heinrich Schuchardt <xypron.glpk@gmx.de>	Fri Jul 03 18:03:41 2020 +0200
tree	bf18aa410f8092417033a9394b59d5d340d02b66
parent	e1eb319518c7f4dd46fb0cd33b88f0a9c92914d0 [diff] [blame]