203 lines
7.3 KiB
Diff
203 lines
7.3 KiB
Diff
From 52a82f3eb6d61833c22294cb6377b8cad14e8c83 Mon Sep 17 00:00:00 2001
|
|
From: Stefan Berger <stefanb@linux.vnet.ibm.com>
|
|
Date: Mon, 21 Jun 2021 14:04:34 -0400
|
|
Subject: [PATCH 1/3] tpm2: Reset TPM2B buffer sizes after test fails for valid
|
|
buffer size
|
|
|
|
Reset the buffer size indicator in a TPM2B type of buffer after it failed
|
|
the test for the maximum buffer size it allows. This prevents having bad
|
|
buffer sizes in memory that can come to haunt us when writing the volatile
|
|
state for example.
|
|
|
|
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
|
|
---
|
|
src/tpm2/NVMarshal.c | 1 +
|
|
src/tpm2/Unmarshal.c | 21 +++++++++++++++++++++
|
|
2 files changed, 22 insertions(+)
|
|
|
|
diff --git a/src/tpm2/NVMarshal.c b/src/tpm2/NVMarshal.c
|
|
index 141550e..b9934d5 100644
|
|
--- a/src/tpm2/NVMarshal.c
|
|
+++ b/src/tpm2/NVMarshal.c
|
|
@@ -1440,6 +1440,7 @@ bn_prime_t_Unmarshal(bn_prime_t *data, BYTE **buffer, INT32 *size)
|
|
"allocated %zu\n",
|
|
(size_t)data->size, (size_t)data->allocated);
|
|
rc = TPM_RC_SIZE;
|
|
+ data->size = 0;
|
|
}
|
|
}
|
|
|
|
diff --git a/src/tpm2/Unmarshal.c b/src/tpm2/Unmarshal.c
|
|
index 9a1d723..bac7d76 100644
|
|
--- a/src/tpm2/Unmarshal.c
|
|
+++ b/src/tpm2/Unmarshal.c
|
|
@@ -137,6 +137,7 @@ TPM2B_Unmarshal(TPM2B *target, UINT16 targetSize, BYTE **buffer, INT32 *size)
|
|
if (rc == TPM_RC_SUCCESS) {
|
|
if (target->size > targetSize) {
|
|
rc = TPM_RC_SIZE;
|
|
+ target->size = 0; // libtpms added
|
|
}
|
|
}
|
|
if (rc == TPM_RC_SUCCESS) {
|
|
@@ -1617,6 +1618,7 @@ TPMS_PCR_SELECTION_Unmarshal(TPMS_PCR_SELECTION *target, BYTE **buffer, INT32 *s
|
|
if ((target->sizeofSelect < PCR_SELECT_MIN) ||
|
|
(target->sizeofSelect > PCR_SELECT_MAX)) {
|
|
rc = TPM_RC_VALUE;
|
|
+ target->sizeofSelect = 0; // libtpms added
|
|
}
|
|
}
|
|
if (rc == TPM_RC_SUCCESS) {
|
|
@@ -1787,6 +1789,7 @@ TPML_CC_Unmarshal(TPML_CC *target, BYTE **buffer, INT32 *size)
|
|
if (rc == TPM_RC_SUCCESS) {
|
|
if (target->count > MAX_CAP_CC) {
|
|
rc = TPM_RC_SIZE;
|
|
+ target->count = 0; // libtpms added
|
|
}
|
|
}
|
|
for (i = 0 ; (rc == TPM_RC_SUCCESS) && (i < target->count) ; i++) {
|
|
@@ -1824,6 +1827,7 @@ TPML_CCA_Unmarshal(TPML_CCA *target, BYTE **buffer, INT32 *size)
|
|
if (rc == TPM_RC_SUCCESS) {
|
|
if (target->count > MAX_CAP_CC) {
|
|
rc = TPM_RC_SIZE;
|
|
+ target->count = 0; // libtpms added
|
|
}
|
|
}
|
|
for (i = 0 ; (rc == TPM_RC_SUCCESS) && (i < target->count) ; i++) {
|
|
@@ -1846,6 +1850,7 @@ TPML_ALG_Unmarshal(TPML_ALG *target, BYTE **buffer, INT32 *size)
|
|
if (rc == TPM_RC_SUCCESS) {
|
|
if (target->count > MAX_ALG_LIST_SIZE) {
|
|
rc = TPM_RC_SIZE;
|
|
+ target->count = 0; // libtpms added
|
|
}
|
|
}
|
|
for (i = 0 ; (rc == TPM_RC_SUCCESS) && (i < target->count) ; i++) {
|
|
@@ -1868,6 +1873,7 @@ TPML_HANDLE_Unmarshal(TPML_HANDLE *target, BYTE **buffer, INT32 *size)
|
|
if (rc == TPM_RC_SUCCESS) {
|
|
if (target->count > MAX_CAP_HANDLES) {
|
|
rc = TPM_RC_SIZE;
|
|
+ target->count = 0; // libtpms added
|
|
}
|
|
}
|
|
for (i = 0 ; (rc == TPM_RC_SUCCESS) && (i < target->count) ; i++) {
|
|
@@ -1895,11 +1901,13 @@ TPML_DIGEST_Unmarshal(TPML_DIGEST *target, BYTE **buffer, INT32 *size)
|
|
/* TPM side is hard coded to 2 minimum */
|
|
if (target->count < 2) {
|
|
rc = TPM_RC_SIZE;
|
|
+ target->count = 0; // libtpms added
|
|
}
|
|
}
|
|
if (rc == TPM_RC_SUCCESS) {
|
|
if (target->count > 8) {
|
|
rc = TPM_RC_SIZE;
|
|
+ target->count = 0; // libtpms added
|
|
}
|
|
}
|
|
for (i = 0 ; (rc == TPM_RC_SUCCESS) && (i < target->count) ; i++) {
|
|
@@ -1922,6 +1930,7 @@ TPML_DIGEST_VALUES_Unmarshal(TPML_DIGEST_VALUES *target, BYTE **buffer, INT32 *s
|
|
if (rc == TPM_RC_SUCCESS) {
|
|
if (target->count > HASH_COUNT) {
|
|
rc = TPM_RC_SIZE;
|
|
+ target->count = 0; // libtpms added
|
|
}
|
|
}
|
|
for (i = 0 ; (rc == TPM_RC_SUCCESS) && (i < target->count) ; i++) {
|
|
@@ -1944,6 +1953,7 @@ TPML_PCR_SELECTION_Unmarshal(TPML_PCR_SELECTION *target, BYTE **buffer, INT32 *s
|
|
if (rc == TPM_RC_SUCCESS) {
|
|
if (target->count > HASH_COUNT) {
|
|
rc = TPM_RC_SIZE;
|
|
+ target->count = 0; // libtpms added
|
|
}
|
|
}
|
|
for (i = 0 ; (rc == TPM_RC_SUCCESS) && (i < target->count) ; i++) {
|
|
@@ -1967,6 +1977,7 @@ TPML_ALG_PROPERTY_Unmarshal(TPML_ALG_PROPERTY *target, BYTE **buffer, INT32 *siz
|
|
if (rc == TPM_RC_SUCCESS) {
|
|
if (target->count > MAX_CAP_ALGS) {
|
|
rc = TPM_RC_SIZE;
|
|
+ target->count = 0; // libtpms added
|
|
}
|
|
}
|
|
for (i = 0 ; (rc == TPM_RC_SUCCESS) && (i < target->count) ; i++) {
|
|
@@ -1989,6 +2000,7 @@ TPML_TAGGED_TPM_PROPERTY_Unmarshal(TPML_TAGGED_TPM_PROPERTY *target, BYTE **buf
|
|
if (rc == TPM_RC_SUCCESS) {
|
|
if (target->count > MAX_TPM_PROPERTIES) {
|
|
rc = TPM_RC_SIZE;
|
|
+ target->count = 0; // libtpms added
|
|
}
|
|
}
|
|
for (i = 0 ; (rc == TPM_RC_SUCCESS) && (i < target->count) ; i++) {
|
|
@@ -2011,6 +2023,7 @@ TPML_TAGGED_PCR_PROPERTY_Unmarshal(TPML_TAGGED_PCR_PROPERTY *target, BYTE **buff
|
|
if (rc == TPM_RC_SUCCESS) {
|
|
if (target->count > MAX_PCR_PROPERTIES) {
|
|
rc = TPM_RC_SIZE;
|
|
+ target->count = 0; // libtpms added
|
|
}
|
|
}
|
|
for (i = 0 ; (rc == TPM_RC_SUCCESS) && (i < target->count) ; i++) {
|
|
@@ -2033,6 +2046,7 @@ TPML_ECC_CURVE_Unmarshal(TPML_ECC_CURVE *target, BYTE **buffer, INT32 *size)
|
|
if (rc == TPM_RC_SUCCESS) {
|
|
if (target->count > MAX_ECC_CURVES) {
|
|
rc = TPM_RC_SIZE;
|
|
+ target->count = 0; // libtpms added
|
|
}
|
|
}
|
|
for (i = 0 ; (rc == TPM_RC_SUCCESS) && (i < target->count) ; i++) {
|
|
@@ -2055,6 +2069,7 @@ TPML_TAGGED_POLICY_Unmarshal(TPML_TAGGED_POLICY *target, BYTE **buffer, INT32 *s
|
|
if (rc == TPM_RC_SUCCESS) {
|
|
if (target->count > MAX_TAGGED_POLICIES) {
|
|
rc = TPM_RC_SIZE;
|
|
+ target->count = 0; // libtpms added
|
|
}
|
|
}
|
|
for (i = 0 ; (rc == TPM_RC_SUCCESS) && (i < target->count) ; i++) {
|
|
@@ -2704,6 +2719,7 @@ TPM2B_SENSITIVE_CREATE_Unmarshal(TPM2B_SENSITIVE_CREATE *target, BYTE **buffer,
|
|
if (rc == TPM_RC_SUCCESS) {
|
|
if (target->size != startSize - *size) {
|
|
rc = TPM_RC_SIZE;
|
|
+ target->size = 0; // libtpms added
|
|
}
|
|
}
|
|
return rc;
|
|
@@ -3462,6 +3478,7 @@ TPM2B_ECC_POINT_Unmarshal(TPM2B_ECC_POINT *target, BYTE **buffer, INT32 *size)
|
|
if (rc == TPM_RC_SUCCESS) {
|
|
if (target->size != startSize - *size) {
|
|
rc = TPM_RC_SIZE;
|
|
+ target->size = 0; // libtpms added
|
|
}
|
|
}
|
|
return rc;
|
|
@@ -3985,6 +4002,7 @@ TPM2B_PUBLIC_Unmarshal(TPM2B_PUBLIC *target, BYTE **buffer, INT32 *size, BOOL al
|
|
if (rc == TPM_RC_SUCCESS) {
|
|
if (target->size != startSize - *size) {
|
|
rc = TPM_RC_SIZE;
|
|
+ target->size = 0; // libtpms added
|
|
}
|
|
}
|
|
return rc;
|
|
@@ -4080,6 +4098,7 @@ TPM2B_SENSITIVE_Unmarshal(TPM2B_SENSITIVE *target, BYTE **buffer, INT32 *size)
|
|
if (rc == TPM_RC_SUCCESS) {
|
|
if (target->size != startSize - *size) {
|
|
rc = TPM_RC_SIZE;
|
|
+ target->size = 0; // libtpms added
|
|
}
|
|
}
|
|
}
|
|
@@ -4155,6 +4174,7 @@ TPMS_NV_PUBLIC_Unmarshal(TPMS_NV_PUBLIC *target, BYTE **buffer, INT32 *size)
|
|
if (rc == TPM_RC_SUCCESS) {
|
|
if (target->dataSize > MAX_NV_INDEX_SIZE) {
|
|
rc = TPM_RC_SIZE;
|
|
+ target->dataSize = 0; // libtpms added
|
|
}
|
|
}
|
|
return rc;
|
|
@@ -4185,6 +4205,7 @@ TPM2B_NV_PUBLIC_Unmarshal(TPM2B_NV_PUBLIC *target, BYTE **buffer, INT32 *size)
|
|
if (rc == TPM_RC_SUCCESS) {
|
|
if (target->size != startSize - *size) {
|
|
rc = TPM_RC_SIZE;
|
|
+ target->size = 0; // libtpms added
|
|
}
|
|
}
|
|
return rc;
|
|
--
|
|
2.29.0
|
|
|