From 22568c16296674c4e8f9c46615c5ff385386449d Mon Sep 17 00:00:00 2001
From: jinlun <jinlun@huawei.com>
Date: Tue, 7 Nov 2023 10:01:25 +0800
Subject: [PATCH] fix CVE-2023-40546

---
 backport-CVE-2023-40546.patch | 39 +++++++++++++++++++++++++++++++++++
 shim.spec                     |  6 +++++-
 2 files changed, 44 insertions(+), 1 deletion(-)
 create mode 100644 backport-CVE-2023-40546.patch

diff --git a/backport-CVE-2023-40546.patch b/backport-CVE-2023-40546.patch
new file mode 100644
index 0000000..b7dfa7e
--- /dev/null
+++ b/backport-CVE-2023-40546.patch
@@ -0,0 +1,39 @@
+From 66e6579dbf921152f647a0c16da1d3b2f40861ca Mon Sep 17 00:00:00 2001
+From: Peter Jones <pjones@redhat.com>
+Date: Wed, 7 Jun 2023 13:15:49 -0400
+Subject: [PATCH] CVE-2023-40546 mok: fix LogError() invocation
+
+On some ARM platform, jlinton noticed that when we fail to set a
+variable (because it isn't supported at all, presumably), our error
+message has an extra argument that doesn't match the format string.
+
+This patch removes the extra argument.
+
+Resolves: CVE-2023-40546
+Signed-off-by: Peter Jones <pjones@redhat.com>
+---
+ mok.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/mok.c b/mok.c
+index be1eaa15..0ac34158 100644
+--- a/mok.c
++++ b/mok.c
+@@ -291,7 +291,7 @@ mirror_one_esl(CHAR16 *name, EFI_GUID *guid, UINT32 attrs,
+ 					 &var, &varsz);
+ 	if (EFI_ERROR(efi_status) || !var || !varsz) {
+ 		LogError(L"Couldn't allocate %lu bytes for mok variable \"%s\": %r\n",
+-			 varsz, var, efi_status);
++			 varsz, name, efi_status);
+ 		return efi_status;
+ 	}
+ 
+@@ -302,7 +302,7 @@ mirror_one_esl(CHAR16 *name, EFI_GUID *guid, UINT32 attrs,
+ 	FreePool(var);
+ 	if (EFI_ERROR(efi_status)) {
+ 		LogError(L"Couldn't create mok variable \"%s\": %r\n",
+-			 varsz, var, efi_status);
++			 name, efi_status);
+ 		return efi_status;
+ 	}
+ 
diff --git a/shim.spec b/shim.spec
index 250020c..f8e3aba 100644
--- a/shim.spec
+++ b/shim.spec
@@ -22,7 +22,7 @@
 
 Name:		shim
 Version:	15
-Release:        27
+Release:        28
 Summary:	First-stage UEFI bootloader
 ExclusiveArch:  x86_64 aarch64
 License:	BSD
@@ -56,6 +56,7 @@ Patch21:       backport-CVE-2021-3712.patch
 Patch22:       backport-CVE-2023-0286.patch
 Patch23:       backport-CVE-2023-0464.patch
 Patch24:       backport-CVE-2023-3817.patch
+Patch25:       backport-CVE-2023-40546.patch
 
 BuildRequires:	elfutils-libelf-devel openssl-devel openssl git pesign gnu-efi gnu-efi-devel gcc
 Requires:       dbxtool efi-filesystem mokutil
@@ -154,6 +155,9 @@ cd ..
 /usr/src/debug/%{name}-%{version}-%{release}/*
 
 %changelog
+* Tue Nov 7 2023 jinlun <jinlun@huawei.com> - 15-28
+- fix CVE-2023-40546
+
 * Fri Sep 22 2023 jinlun <jinlun@huawei.com> - 15-27
 - fix CVE-2023-0464 CVE-2023-3817
 
-- 
Gitee