From 264678fcede578c5ce7976f5d8007e698eecd1ee Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=C5=A0t=C4=9Bp=C3=A1n=20Hor=C3=A1=C4=8Dek?=
Date: Mon, 20 Jan 2025 13:07:50 +0100
Subject: [PATCH] Fix bugs found by SAST
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Resolves: RHEL-62754

Signed-off-by: Štěpán Horáček
---
 sast.diff | 65 +++++++++++++++++++++++++++++++++++++++++++++++++++++++
 tss2.spec | 8 ++++++-
 2 files changed, 72 insertions(+), 1 deletion(-)
 create mode 100644 sast.diff

diff --git a/sast.diff b/sast.diff
new file mode 100644
index 0000000..a959357
--- /dev/null
+++ b/sast.diff
@@ -0,0 +1,65 @@
+diff --git a/utils/imalib.c b/utils/imalib.c
+index 1910dcc..8d40fd2 100644
+--- a/utils/imalib.c
++++ b/utils/imalib.c
+@@ -2164,7 +2164,7 @@ static uint32_t IMA_ParseXATTRNAMES(ImaTemplateData *imaTemplateData,
+ imaTemplateData->imaTemplateXattrs.xattrNamesCount++;
+
+ for (i = 1 ;
+- i < sizeof(((ImaTemplateData *)NULL)->imaTemplateXattrs.xattrNamesPtr) ; i++) {
++ i < (sizeof(((ImaTemplateData *)NULL)->imaTemplateXattrs.xattrNamesPtr)) / sizeof(char *) ; i++) {
+ /* the | is a separator character */
+ imaTemplateData->imaTemplateXattrs.xattrNamesPtr[i] =
+ strchr(imaTemplateData->imaTemplateXattrs.xattrNamesPtr[i-1], '|');
+diff --git a/utils/policymaker.c b/utils/policymaker.c
+index 7290ed7..f9c7212 100644
+--- a/utils/policymaker.c
++++ b/utils/policymaker.c
+@@ -185,10 +185,10 @@ int main(int argc, char *argv[])
+ }
+ if (rc == 0) {
+ sizeInBytes = TSS_GetDigestSize(digest.hashAlg);
++ memset((uint8_t *)&digest.digest, 0, sizeInBytes);
+ /* startauthsession sets session digest to zero */
+ if (!nz) {
+ startSizeInBytes = sizeInBytes;
+- memset((uint8_t *)&digest.digest, 0, sizeInBytes);
+ }
+ else { /* nz TRUE, start with empty buffer */
+ startSizeInBytes = 0;
+diff --git a/utils/tpmproxy.c b/utils/tpmproxy.c
+index 1948121..15f980a 100644
+--- a/utils/tpmproxy.c
++++ b/utils/tpmproxy.c
+@@ -556,7 +556,7 @@ TPM_RC socketWrite(SOCKET_FD accept_fd, /* read/write file descriptor */
+ }
+ }
+ while ((rc == 0) && (buffer_length > 0)) {
+- nwritten = send(accept_fd, buffer, (int)buffer_length, 0);
++ nwritten = send(accept_fd, buffer, buffer_length, 0);
+ if ((nwritten == SOCKET_ERROR) ||
+ (nwritten < 0)) {
+ printf("socketWrite: Error, send()\n");
+diff --git a/utils/tsssocket.c b/utils/tsssocket.c
+index 24cc5fd..992f8c2 100644
+--- a/utils/tsssocket.c
++++ b/utils/tsssocket.c
+@@ -594,15 +594,15 @@ static uint32_t TSS_Socket_ReceiveBytes(TSS_SOCKET_FD sock_fd,
+ uint8_t *buffer,
+ uint32_t nbytes)
+ {
+- int nread = 0;
+- int nleft = 0;
++ ssize_t nread = 0;
++ size_t nleft = 0;
+
+ nleft = nbytes;
+ while (nleft > 0) {
+ #ifdef TPM_POSIX
+ nread = read(sock_fd, buffer, nleft);
+ if (nread < 0) { /* error */
+- if (tssVerbose) printf("TSS_Socket_ReceiveBytes: read error %d\n", nread);
++ if (tssVerbose) printf("TSS_Socket_ReceiveBytes: read error %d\n", errno);
+ return TSS_RC_BAD_CONNECTION;
+ }
+ #endif
diff --git a/tss2.spec b/tss2.spec
index d4dd05d..87192c2 100644
--- a/tss2.spec
+++ b/tss2.spec
@@ -9,7 +9,7 @@ Name: tss2
 # this is the release of the TSS library
 Version: 2.3.2
 # this is the release of the fedora package, goes back to 1 when version changes
-Release: 3%{?dist}
+Release: 4%{?dist}
 Epoch: 1
 Summary: IBM's TCG Software Stack (TSS) for TPM 2.0 and related utilities
@@ -17,6 +17,8 @@ License: BSD-3-Clause AND LicenseRef-TCGL
 URL: http://sourceforge.net/projects/ibmtpm20tss/
 Source0: https://sourceforge.net/projects/ibmtpm20tss/files/ibmtss%{version}.tar.gz
+Patch0: sast.diff
+
 BuildRequires: automake
 BuildRequires: autoconf
 BuildRequires: libtool
@@ -79,6 +81,10 @@ find %{buildroot} -type f -name "*.la" -delete -print
 %doc ibmtss.docx
 %changelog
+* Mon Jan 20 2025 Štěpán Horáček - 1:2.3.2-4
+- Fix bugs found by SAST
+- Resolves: RHEL-62754
+
 * Tue Oct 29 2024 Troy Dawson - 1:2.3.2-3
 - Bump release for October 2024 mass rebuild:
 Resolves: RHEL-64018
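Review bot: The new `printf("TSS_Socket_ReceiveBytes: read error %d\n", errno)` line in utils/tsssocket.c references `errno`, but nothing in the hunk shows `<errno.h>` being included in that file; if tsssocket.c does not already include it, the patch should add the include rather than rely on a transitive one. The utils/imalib.c loop bound is now an element count, but `/ sizeof(char *)` hard-codes the element type; `/ sizeof(((ImaTemplateData *)NULL)->imaTemplateXattrs.xattrNamesPtr[0])` keeps the divisor tied to the array, whose `strchr` assignment shows it holds `char *`. In utils/tpmproxy.c the dropped `(int)` cast matches the POSIX `send()` prototype, but SOCKET_FD/SOCKET_ERROR suggest a Windows build exists where the length parameter is an int, so the narrowing is now implicit and may warn under -Wconversion; a short comment on that line stating which prototype the call is written for would help the next reader. All four patched functions start and end outside the hunk, so the later `nleft`/`nread` arithmetic that the type change affects is not visible here.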
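Review bot: `Patch0: sast.diff` is declared, but whether it is applied depends on the %prep section, which is outside this hunk; if %prep uses plain `%setup` rather than `%autosetup -p1` (or an explicit `%patch0 -p1`), the patch is listed yet never applied and the build silently keeps the unfixed sources. The inner diff uses `a/utils/...` paths, so `-p1` is the strip level it needs. Worth confirming %prep before merging.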