rpms
/
libtpms
7
0
Fork 0
Code Issues Pull Requests Releases Activity

Compare commits

merge into: rpms:c8s-stream-rhel
Branches Tags
rpms:c8s-stream-rhel
rpms:c8-beta-stream-rhel
rpms:stream-virt-rhel-rhel-8.10.0
rpms:stream-virt-rhel-rhel-8.9.0
rpms:c9s
rpms:c8-stream-rhel
rpms:c9
rpms:c9-beta
rpms:imports/c8-beta-stream-rhel/libtpms-0.9.1-2.20211126git1ff6fe1f43.module_el8+310+72016cce
rpms:imports/c8-stream-rhel/libtpms-0.9.1-2.20211126git1ff6fe1f43.module+el8.8.0+18453+e0bf0d1d
rpms:imports/c9/libtpms-0.9.1-3.20211126git1ff6fe1f43.el9_2
rpms:imports/c8-beta-stream-rhel/libtpms-0.9.1-1.20211126git1ff6fe1f43.module+el8.8.0+16781+9f4724c2
rpms:imports/c8s-stream-rhel/libtpms-0.9.1-1.20211126git1ff6fe1f43.module+el8.8.0+16781+9f4724c2
rpms:imports/c9/libtpms-0.9.1-2.20211126git1ff6fe1f43.el9
rpms:imports/c8-stream-rhel/libtpms-0.9.1-1.20211126git1ff6fe1f43.module+el8.7.0+16689+53d59bc2
rpms:imports/c9-beta/libtpms-0.9.1-2.20211126git1ff6fe1f43.el9
rpms:imports/c8-beta-stream-rhel/libtpms-0.9.1-1.20211126git1ff6fe1f43.module+el8.7.0+16161+74369000
rpms:imports/c8s-stream-rhel/libtpms-0.9.1-1.20211126git1ff6fe1f43.module+el8.7.0+16161+74369000
rpms:imports/c9/libtpms-0.9.1-0.20211126git1ff6fe1f43.el9
rpms:imports/c8-stream-rhel/libtpms-0.9.1-0.20211126git1ff6fe1f43.module+el8.6.0+14480+c0a3aa0f
rpms:imports/c8-beta-stream-rhel/libtpms-0.9.1-0.20211126git1ff6fe1f43.module+el8.6.0+13725+61ae1949
rpms:imports/c8s-stream-rhel/libtpms-0.9.1-0.20211126git1ff6fe1f43.module+el8.6.0+13725+61ae1949
rpms:imports/c9-beta/libtpms-0.9.1-0.20211126git1ff6fe1f43.el9
rpms:imports/c9-beta/libtpms-0.8.2-0.20210301git729fc6a4ca.el9.6
rpms:imports/c8s-stream-rhel/libtpms-0.7.4-6.20201106git2452a24dab.module+el8.6.0+12861+13975d62
...
pull from: rpms:stream-virt-rhel-rhel-8.9.0
Branches Tags
rpms:c8-beta-stream-rhel
rpms:stream-virt-rhel-rhel-8.10.0
rpms:stream-virt-rhel-rhel-8.9.0
rpms:c9s
rpms:c8-stream-rhel
rpms:c9
rpms:c8s-stream-rhel
rpms:c9-beta
rpms:imports/c8-beta-stream-rhel/libtpms-0.9.1-2.20211126git1ff6fe1f43.module_el8+310+72016cce
rpms:imports/c8-stream-rhel/libtpms-0.9.1-2.20211126git1ff6fe1f43.module+el8.8.0+18453+e0bf0d1d
rpms:imports/c9/libtpms-0.9.1-3.20211126git1ff6fe1f43.el9_2
rpms:imports/c8-beta-stream-rhel/libtpms-0.9.1-1.20211126git1ff6fe1f43.module+el8.8.0+16781+9f4724c2
rpms:imports/c8s-stream-rhel/libtpms-0.9.1-1.20211126git1ff6fe1f43.module+el8.8.0+16781+9f4724c2
rpms:imports/c9/libtpms-0.9.1-2.20211126git1ff6fe1f43.el9
rpms:imports/c8-stream-rhel/libtpms-0.9.1-1.20211126git1ff6fe1f43.module+el8.7.0+16689+53d59bc2
rpms:imports/c9-beta/libtpms-0.9.1-2.20211126git1ff6fe1f43.el9
rpms:imports/c8-beta-stream-rhel/libtpms-0.9.1-1.20211126git1ff6fe1f43.module+el8.7.0+16161+74369000
rpms:imports/c8s-stream-rhel/libtpms-0.9.1-1.20211126git1ff6fe1f43.module+el8.7.0+16161+74369000
rpms:imports/c9/libtpms-0.9.1-0.20211126git1ff6fe1f43.el9
rpms:imports/c8-stream-rhel/libtpms-0.9.1-0.20211126git1ff6fe1f43.module+el8.6.0+14480+c0a3aa0f
rpms:imports/c8-beta-stream-rhel/libtpms-0.9.1-0.20211126git1ff6fe1f43.module+el8.6.0+13725+61ae1949
rpms:imports/c8s-stream-rhel/libtpms-0.9.1-0.20211126git1ff6fe1f43.module+el8.6.0+13725+61ae1949
rpms:imports/c9-beta/libtpms-0.9.1-0.20211126git1ff6fe1f43.el9
rpms:imports/c9-beta/libtpms-0.8.2-0.20210301git729fc6a4ca.el9.6
rpms:imports/c8s-stream-rhel/libtpms-0.7.4-6.20201106git2452a24dab.module+el8.6.0+12861+13975d62

No commits in common. "c8s-stream-rhel" and "stream-virt-rhel-rhel-8.9.0" have entirely different histories.
c8s-stream ... stream-vir

7 changed files with 87 additions and 2 deletions
Show Stats Expand all files Collapse all files

4
.gitignore vendored
View File

@ -1 +1,5 @@
/libtpms-20191018.tar.xz
/libtpms-20200527.tar.xz
/libtpms-20200818.tar.xz
/libtpms-20201106.tar.xz
SOURCES/libtpms-20211126.tar.xz

2
.libtpms.metadata
View File

@ -1 +1 @@
ae609402e34992590961b0d025e9ef1202d8dede SOURCES/libtpms-20211126.tar.xz
ae609402e34992590961b0d025e9ef1202d8dede libtpms-20211126.tar.xz

52
0001-tpm2-Check-size-of-buffer-before-accessing-it-CVE-20.patch Normal file
View File

@ -0,0 +1,52 @@
From 324dbb4c27ae789c73b69dbf4611242267919dd4 Mon Sep 17 00:00:00 2001
From: Stefan Berger <stefanb@linux.ibm.com>
Date: Mon, 20 Feb 2023 14:41:10 -0500
Subject: [PATCH] tpm2: Check size of buffer before accessing it (CVE-2023-1017
& -1018)
Check that there are sufficient bytes in the buffer before reading the
cipherSize from it. Also, reduce the bufferSize variable by the number
of bytes that make up the cipherSize to avoid reading and writing bytes
beyond the buffer in subsequent steps that do in-place decryption.
This fixes CVE-2023-1017 & CVE-2023-1018.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
---
src/tpm2/CryptUtil.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/src/tpm2/CryptUtil.c b/src/tpm2/CryptUtil.c
index 002fde0..8fae5b6 100644
--- a/src/tpm2/CryptUtil.c
+++ b/src/tpm2/CryptUtil.c
@@ -830,6 +830,10 @@ CryptParameterDecryption(
+ sizeof(session->sessionKey.t.buffer)));
TPM2B_HMAC_KEY key; // decryption key
UINT32 cipherSize = 0; // size of cipher text
+
+ if (leadingSizeInByte > bufferSize)
+ return TPM_RC_INSUFFICIENT;
+
// Retrieve encrypted data size.
if(leadingSizeInByte == 2)
{
@@ -837,6 +841,7 @@ CryptParameterDecryption(
// data to be decrypted
cipherSize = (UINT32)BYTE_ARRAY_TO_UINT16(buffer);
buffer = &buffer[2]; // advance the buffer
+ bufferSize -= 2;
}
#ifdef TPM4B
else if(leadingSizeInByte == 4)
@@ -844,6 +849,7 @@ CryptParameterDecryption(
// the leading size is four bytes so get the four byte size field
cipherSize = BYTE_ARRAY_TO_UINT32(buffer);
buffer = &buffer[4]; //advance pointer
+ bufferSize -= 4;
}
#endif
else
--
2.39.2

0
SOURCES/0001-tpm2-When-writing-state-initialize-s_ContextSlotMask.patch → 0001-tpm2-When-writing-state-initialize-s_ContextSlotMask.patch
View File

8
SPECS/libtpms.spec → libtpms.spec
View File

@ -3,7 +3,7 @@
Name: libtpms
Version: 0.9.1
Release: 1.%{gitdate}git%{gitversion}%{?dist}
Release: 2.%{gitdate}git%{gitversion}%{?dist}
Summary: Library providing Trusted Platform Module (TPM) functionality
License: BSD
@ -11,6 +11,7 @@ Url: http://github.com/stefanberger/libtpms
Source0: libtpms-%{gitdate}.tar.xz
ExcludeArch: i686
Patch0003: 0001-tpm2-When-writing-state-initialize-s_ContextSlotMask.patch
Patch0004: 0001-tpm2-Check-size-of-buffer-before-accessing-it-CVE-20.patch
BuildRequires: openssl-devel
BuildRequires: pkgconfig gawk sed
@ -58,6 +59,11 @@ find %{buildroot} -type f -name '*.la' | xargs rm -f -- || :
%{_mandir}/man3/*
%changelog
* Tue Mar 21 2023 Marc-André Lureau <marcandre.lureau@redhat.com> - 0.9.1-2.20211126git1ff6fe1f43
- Backport "tpm2: Check size of buffer before accessing it" (CVE-2023-1017 & CVE-2023-1018)
Resolves: rhbz#2173964
Resolves: rhbz#2173970
* Thu Jul 28 2022 Marc-André Lureau <marcandre.lureau@redhat.com> - 0.9.1-1.20211126git1ff6fe1f43
- Backport s_ContextSlotMask initialization fix
Resolves: rhbz#2111433

22
make-git-snapshot.sh Executable file
View File

@ -0,0 +1,22 @@
#!/bin/sh
# Usage: ./make-git-snapshot.sh [COMMIT]
#
# to make a snapshot of the given tag/branch. Defaults to HEAD.
# Point env var REF to a local mesa repo to reduce clone time.
DIRNAME=libtpms-$( date +%Y%m%d )
echo REF ${REF:+--reference $REF}
echo DIRNAME $DIRNAME
echo HEAD ${1:-HEAD}
rm -rf $DIRNAME
git clone ${REF:+--reference $REF} \
https://github.com/stefanberger/libtpms $DIRNAME
GIT_DIR=$DIRNAME/.git git archive --format=tar --prefix=$DIRNAME/ ${1:-HEAD} \
| xz > $DIRNAME.tar.xz
# rm -rf $DIRNAME

1
sources Normal file
View File

@ -0,0 +1 @@
SHA512 (libtpms-20211126.tar.xz) = 050b945ff538ba23746b08af8779ced944d6c911a046fa7705e5bd7cd8e6344adc85f341a5513c4b7db3e078aaf7ebcce743c45180206a6e001225e02ca242a2