1362aab239
Resolves: CVE-2023-22745
Resolves: rhbz#2160302
Resolves: rhbz#2162611
Signed-off-by: Štěpán Horáček <shoracek@redhat.com>
32 lines
1.2 KiB
Diff
From b94392537a1ed43918483a2bfa8a90e5fd05354d Mon Sep 17 00:00:00 2001
From: Stefan Thom <mail@LordOfDorks.com>
Date: Fri, 5 Jun 2020 12:11:39 -0700
Subject: [PATCH 2/4] esys: Shared secret calculation is not spec compliant.
Refer to specification part 1 Architecture, Section 20.1 AuditSession
Introduction: If the session was bound when created (see 19.6.10 and
19.6.12), the bind value is lost and any further use of the session for
authorization will require that the authValue be used in the HMAC.
Signed-off-by: Stefan Thom <mail@LordOfDorks.com>
---
src/tss2-esys/esys_tr.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/src/tss2-esys/esys_tr.c b/src/tss2-esys/esys_tr.c
index c9ea537a..d14c7d35 100644
--- a/src/tss2-esys/esys_tr.c
+++ b/src/tss2-esys/esys_tr.c
@@ -511,6 +511,8 @@ Esys_TRSess_SetAttributes(ESYS_CONTEXT * esys_context, ESYS_TR esys_handle,
esys_object->rsrc.misc.rsrc_session.sessionAttributes =
(esys_object->rsrc.misc.rsrc_session.
sessionAttributes & ~mask) | (flags & mask);
+ if (esys_object->rsrc.misc.rsrc_session.sessionAttributes & TPMA_SESSION_AUDIT)
+ esys_object->rsrc.misc.rsrc_session.bound_entity.size = 0;
return TSS2_RC_SUCCESS;
}
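Review bot: In the added `if` after the sessionAttributes assignment, the bind is cleared when the attribute is stored in the ESYS object rather than when a command is actually sent with TPMA_SESSION_AUDIT, and the clear is one-way. If a caller sets the audit bit and removes it again with a second Esys_TRSess_SetAttributes call before any command uses the session, bound_entity.size stays 0 here; please confirm that this matches what the TPM does in that sequence, or move the reset to the point where the session is first used for audit. The reason for the reset exists only in the commit message, so a short comment above the `if` citing Part 1, Section 20.1 would help, and the diffstat (1 file changed, 2 insertions) shows no test covering a bound session that is switched to audit.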
--
2.41.0