libtpms/SOURCES/0002-tpm2-NVMarshal-Handle-index-orderly-RAM-without-0-si.patch

From 3f67c46626b4fcf523f27890388dbfc5e4a53987 Mon Sep 17 00:00:00 2001
From: rpm-build <rpm-build>
Date: Tue, 31 Aug 2021 19:44:22 +0400
Subject: [PATCH] tpm2: NVMarshal: Handle index orderly RAM without 0-sized
 terminating node
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

The NVRAM entries in s_indexOrderlyRam array do not need to contain a
0-sized terminating node. Instead, the entries may fill up this 512
byte array so that no NV_RAM_HEADER structure fits anymore. The fact
that no more NV_RAM_HEADER structure fits is also an indicator for the
last entry. We need to account for this in the code marshalling and
unmarshalling the entries so that we stop marshalling the entries
then and similarly stop unmarshalling.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
[ backport with misc conflict fixes ]
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
---
 src/tpm2/NVMarshal.c | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

diff --git a/src/tpm2/NVMarshal.c b/src/tpm2/NVMarshal.c
index ae7d247..02c60ac 100644
--- a/src/tpm2/NVMarshal.c
+++ b/src/tpm2/NVMarshal.c
@@ -4036,6 +4036,12 @@ INDEX_ORDERLY_RAM_Marshal(void *array, size_t array_size,
                                      datasize, buffer, size);
         }
         offset += nrh->size;
+	if (offset + sizeof(NV_RAM_HEADER) > array_size) {
+            /* nothing will fit anymore and there won't be a 0-sized
+             * terminating node (@1).
+             */
+            break;
+        }
     }
 
     written += BLOCK_SKIP_WRITE_PUSH(TRUE, buffer, size);
@@ -4073,6 +4079,15 @@ INDEX_ORDERLY_RAM_Unmarshal(void *array, size_t array_size,
 
     while (rc == TPM_RC_SUCCESS) {
         nrh = array + offset;
+        if (offset + sizeof(NV_RAM_HEADER) > sourceside_size) {
+            /* this case can occur with the previous entry filling up the
+             * space; in this case there will not be a 0-sized terminating
+             * node (see @1 above). We clear the rest of our space.
+             */
+            if (array_size > offset)
+                memset(nrh, 0, array_size - offset);
+            break;
+        }
         /* write the NVRAM header;
            nrh->size holds the complete size including data;
            nrh->size = 0 indicates the end */
-- 
2.33.0.113.g6c40894d24