From 435672e322431c14352a096e8cd3bbae56a38979 Mon Sep 17 00:00:00 2001
From: Marcin Wojtas <mw@FreeBSD.org>
Date: Thu, 8 Aug 2019 17:03:30 +0000
Subject: [PATCH] Verify files loaded in chain command.

The chain command can be used to chain load another binary.
If veriexec is enabled we should verify it first.
Note that on EFI systems the verification was already done
through firmware, assuming that Secure Boot was enabled there.

Submitted by: Kornel Duleba <mindal@semihalf.com>
Reviewed by: sjg
MFC after: 1 week
Obtained from: Semihalf
Differential Revision: https://reviews.freebsd.org/D20952
---
 stand/efi/loader/main.c   | 8 ++++++++
 stand/i386/loader/chain.c | 8 ++++++++
 2 files changed, 16 insertions(+)

diff --git a/stand/efi/loader/main.c b/stand/efi/loader/main.c
index 171a86332728..c8311daa4881 100644
--- a/stand/efi/loader/main.c
+++ b/stand/efi/loader/main.c
@@ -1440,6 +1440,14 @@ command_chain(int argc, char *argv[])
 		return (CMD_ERROR);
 	}
 
+#ifdef LOADER_VERIEXEC
+	if (verify_file(fd, name, 0, VE_MUST) < 0) {
+		sprintf(command_errbuf, "can't verify: %s", name);
+		close(fd);
+		return (CMD_ERROR);
+	}
+#endif
+
 	if (fstat(fd, &st) < -1) {
 		command_errmsg = "stat failed";
 		close(fd);
diff --git a/stand/i386/loader/chain.c b/stand/i386/loader/chain.c
index 43ba2697e938..2a4816773882 100644
--- a/stand/i386/loader/chain.c
+++ b/stand/i386/loader/chain.c
@@ -75,6 +75,14 @@ command_chain(int argc, char *argv[])
 		return (CMD_ERROR);
 	}
 
+#ifdef LOADER_VERIEXEC
+	if (verify_file(fd, argv[1], 0, VE_MUST) < 0) {
+		sprintf(command_errbuf, "can't verify: %s", argv[1]);
+		close(fd);
+		return (CMD_ERROR);
+	}
+#endif
+
 	len = strlen(argv[1]);
 	if (argv[1][len-1] != ':') {
 		if (fstat(fd, &st) == -1) {