tpm2-tss/SOURCES/0004-ESYS-Fix-buffer-overflow-in-xor-parameter-obfuscatio.patch
2023-11-14 20:05:27 +00:00

43 lines
1.7 KiB
Diff

From 3a540d570d265c80dca31bfec23d267cdfa1c294 Mon Sep 17 00:00:00 2001
From: Juergen Repp <juergen.repp@sit.fraunhofer.de>
Date: Mon, 12 Jul 2021 10:52:53 +0200
Subject: [PATCH 4/4] ESYS: Fix buffer overflow in xor parameter obfuscation.
If trace is activated LOGBLOB_TRACE is called with a wrong pointer to display
the obfuscated data. Fixes #2115.
Signed-off-by: Juergen Repp <juergen.repp@sit.fraunhofer.de>
---
src/tss2-esys/esys_crypto.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/src/tss2-esys/esys_crypto.c b/src/tss2-esys/esys_crypto.c
index aef3e50b..a2b7b937 100644
--- a/src/tss2-esys/esys_crypto.c
+++ b/src/tss2-esys/esys_crypto.c
@@ -499,6 +499,7 @@ iesys_xor_parameter_obfuscation(TPM2_ALG_ID hash_alg,
size_t data_size_bits = data_size * 8;
size_t rest_size = data_size;
BYTE *kdfa_byte_ptr;
+ BYTE *data_start = data;
if (key == NULL || data == NULL) {
LOG_ERROR("Bad reference");
@@ -514,11 +515,11 @@ iesys_xor_parameter_obfuscation(TPM2_ALG_ID hash_alg,
return_if_error(r, "iesys_crypto_KDFa failed");
/* XOR next data sub block with KDFa result */
kdfa_byte_ptr = kdfa_result;
- LOGBLOB_TRACE(data, data_size, "Parameter data before XOR");
+ LOGBLOB_TRACE(data_start, data_size, "Parameter data before XOR");
for(size_t i = digest_size < rest_size ? digest_size : rest_size; i > 0;
i--)
*data++ ^= *kdfa_byte_ptr++;
- LOGBLOB_TRACE(data, data_size, "Parameter data after XOR");
+ LOGBLOB_TRACE(data_start, data_size, "Parameter data after XOR");
rest_size = rest_size < digest_size ? 0 : rest_size - digest_size;
}
return TSS2_RC_SUCCESS;
--
2.41.0