|
 |
20abf0 |
From f16250b35aff6995e540143a9858c9cf0d1f9573 Mon Sep 17 00:00:00 2001
|
|
|
20abf0 |
From: Stefan Berger <stefanb@linux.vnet.ibm.com>
|
|
|
20abf0 |
Date: Mon, 21 Jun 2021 14:04:34 -0400
|
|
|
20abf0 |
Subject: [PATCH 1/3] tpm2: Reset TPM2B buffer sizes after test fails for valid
|
|
|
20abf0 |
buffer size
|
|
|
20abf0 |
|
|
|
20abf0 |
Reset the buffer size indicator in a TPM2B type of buffer after it failed
|
|
|
20abf0 |
the test for the maximum buffer size it allows. This prevents having bad
|
|
|
20abf0 |
buffer sizes in memory that can come to haunt us when writing the volatile
|
|
|
20abf0 |
state for example.
|
|
|
20abf0 |
|
|
|
20abf0 |
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
|
|
|
20abf0 |
---
|
|
|
20abf0 |
src/tpm2/NVMarshal.c | 1 +
|
|
|
20abf0 |
src/tpm2/Unmarshal.c | 21 +++++++++++++++++++++
|
|
|
20abf0 |
2 files changed, 22 insertions(+)
|
|
|
20abf0 |
|
|
|
20abf0 |
diff --git a/src/tpm2/NVMarshal.c b/src/tpm2/NVMarshal.c
|
|
|
20abf0 |
index efbab70..9f6d0f7 100644
|
|
|
20abf0 |
--- a/src/tpm2/NVMarshal.c
|
|
|
20abf0 |
+++ b/src/tpm2/NVMarshal.c
|
|
|
20abf0 |
@@ -1503,6 +1503,7 @@ bn_prime_t_Unmarshal(bn_prime_t *data, BYTE **buffer, INT32 *size)
|
|
|
20abf0 |
"allocated %zu\n",
|
|
|
20abf0 |
(size_t)data->size, (size_t)data->allocated);
|
|
|
20abf0 |
rc = TPM_RC_SIZE;
|
|
|
20abf0 |
+ data->size = 0;
|
|
|
20abf0 |
}
|
|
|
20abf0 |
}
|
|
|
20abf0 |
|
|
|
20abf0 |
diff --git a/src/tpm2/Unmarshal.c b/src/tpm2/Unmarshal.c
|
|
|
20abf0 |
index c692ccc..8e7a9b7 100644
|
|
|
20abf0 |
--- a/src/tpm2/Unmarshal.c
|
|
|
20abf0 |
+++ b/src/tpm2/Unmarshal.c
|
|
|
20abf0 |
@@ -136,6 +136,7 @@ TPM2B_Unmarshal(TPM2B *target, UINT16 targetSize, BYTE **buffer, INT32 *size)
|
|
|
20abf0 |
if (rc == TPM_RC_SUCCESS) {
|
|
|
20abf0 |
if (target->size > targetSize) {
|
|
|
20abf0 |
rc = TPM_RC_SIZE;
|
|
|
20abf0 |
+ target->size = 0; // libtpms added
|
|
|
20abf0 |
}
|
|
|
20abf0 |
}
|
|
|
20abf0 |
if (rc == TPM_RC_SUCCESS) {
|
|
|
20abf0 |
@@ -1686,6 +1687,7 @@ TPMS_PCR_SELECTION_Unmarshal(TPMS_PCR_SELECTION *target, BYTE **buffer, INT32 *s
|
|
|
20abf0 |
if ((target->sizeofSelect < PCR_SELECT_MIN) ||
|
|
|
20abf0 |
(target->sizeofSelect > PCR_SELECT_MAX)) {
|
|
|
20abf0 |
rc = TPM_RC_VALUE;
|
|
|
20abf0 |
+ target->sizeofSelect = 0; // libtpms added
|
|
|
20abf0 |
}
|
|
|
20abf0 |
}
|
|
|
20abf0 |
if (rc == TPM_RC_SUCCESS) {
|
|
|
20abf0 |
@@ -1859,6 +1861,7 @@ TPML_CC_Unmarshal(TPML_CC *target, BYTE **buffer, INT32 *size)
|
|
|
20abf0 |
if (rc == TPM_RC_SUCCESS) {
|
|
|
20abf0 |
if (target->count > MAX_CAP_CC) {
|
|
|
20abf0 |
rc = TPM_RC_SIZE;
|
|
|
20abf0 |
+ target->count = 0; // libtpms added
|
|
|
20abf0 |
}
|
|
|
20abf0 |
}
|
|
|
20abf0 |
for (i = 0 ; (rc == TPM_RC_SUCCESS) && (i < target->count) ; i++) {
|
|
|
20abf0 |
@@ -1897,6 +1900,7 @@ TPML_CCA_Unmarshal(TPML_CCA *target, BYTE **buffer, INT32 *size)
|
|
|
20abf0 |
if (rc == TPM_RC_SUCCESS) {
|
|
|
20abf0 |
if (target->count > MAX_CAP_CC) {
|
|
|
20abf0 |
rc = TPM_RC_SIZE;
|
|
|
20abf0 |
+ target->count = 0; // libtpms added
|
|
|
20abf0 |
}
|
|
|
20abf0 |
}
|
|
|
20abf0 |
for (i = 0 ; (rc == TPM_RC_SUCCESS) && (i < target->count) ; i++) {
|
|
|
20abf0 |
@@ -1920,6 +1924,7 @@ TPML_ALG_Unmarshal(TPML_ALG *target, BYTE **buffer, INT32 *size)
|
|
|
20abf0 |
if (rc == TPM_RC_SUCCESS) {
|
|
|
20abf0 |
if (target->count > MAX_ALG_LIST_SIZE) {
|
|
|
20abf0 |
rc = TPM_RC_SIZE;
|
|
|
20abf0 |
+ target->count = 0; // libtpms added
|
|
|
20abf0 |
}
|
|
|
20abf0 |
}
|
|
|
20abf0 |
for (i = 0 ; (rc == TPM_RC_SUCCESS) && (i < target->count) ; i++) {
|
|
|
20abf0 |
@@ -1942,6 +1947,7 @@ TPML_HANDLE_Unmarshal(TPML_HANDLE *target, BYTE **buffer, INT32 *size)
|
|
|
20abf0 |
if (rc == TPM_RC_SUCCESS) {
|
|
|
20abf0 |
if (target->count > MAX_CAP_HANDLES) {
|
|
|
20abf0 |
rc = TPM_RC_SIZE;
|
|
|
20abf0 |
+ target->count = 0; // libtpms added
|
|
|
20abf0 |
}
|
|
|
20abf0 |
}
|
|
|
20abf0 |
for (i = 0 ; (rc == TPM_RC_SUCCESS) && (i < target->count) ; i++) {
|
|
|
20abf0 |
@@ -1970,11 +1976,13 @@ TPML_DIGEST_Unmarshal(TPML_DIGEST *target, BYTE **buffer, INT32 *size)
|
|
|
20abf0 |
/* TPM side is hard coded to 2 minimum */
|
|
|
20abf0 |
if (target->count < 2) {
|
|
|
20abf0 |
rc = TPM_RC_SIZE;
|
|
|
20abf0 |
+ target->count = 0; // libtpms added
|
|
|
20abf0 |
}
|
|
|
20abf0 |
}
|
|
|
20abf0 |
if (rc == TPM_RC_SUCCESS) {
|
|
|
20abf0 |
if (target->count > 8) {
|
|
|
20abf0 |
rc = TPM_RC_SIZE;
|
|
|
20abf0 |
+ target->count = 0; // libtpms added
|
|
|
20abf0 |
}
|
|
|
20abf0 |
}
|
|
|
20abf0 |
for (i = 0 ; (rc == TPM_RC_SUCCESS) && (i < target->count) ; i++) {
|
|
|
20abf0 |
@@ -1997,6 +2005,7 @@ TPML_DIGEST_VALUES_Unmarshal(TPML_DIGEST_VALUES *target, BYTE **buffer, INT32 *s
|
|
|
20abf0 |
if (rc == TPM_RC_SUCCESS) {
|
|
|
20abf0 |
if (target->count > HASH_COUNT) {
|
|
|
20abf0 |
rc = TPM_RC_SIZE;
|
|
|
20abf0 |
+ target->count = 0; // libtpms added
|
|
|
20abf0 |
}
|
|
|
20abf0 |
}
|
|
|
20abf0 |
for (i = 0 ; (rc == TPM_RC_SUCCESS) && (i < target->count) ; i++) {
|
|
|
20abf0 |
@@ -2019,6 +2028,7 @@ TPML_PCR_SELECTION_Unmarshal(TPML_PCR_SELECTION *target, BYTE **buffer, INT32 *s
|
|
|
20abf0 |
if (rc == TPM_RC_SUCCESS) {
|
|
|
20abf0 |
if (target->count > HASH_COUNT) {
|
|
|
20abf0 |
rc = TPM_RC_SIZE;
|
|
|
20abf0 |
+ target->count = 0; // libtpms added
|
|
|
20abf0 |
}
|
|
|
20abf0 |
}
|
|
|
20abf0 |
for (i = 0 ; (rc == TPM_RC_SUCCESS) && (i < target->count) ; i++) {
|
|
|
20abf0 |
@@ -2044,6 +2054,7 @@ TPML_ALG_PROPERTY_Unmarshal(TPML_ALG_PROPERTY *target, BYTE **buffer, INT32 *siz
|
|
|
20abf0 |
if (rc == TPM_RC_SUCCESS) {
|
|
|
20abf0 |
if (target->count > MAX_CAP_ALGS) {
|
|
|
20abf0 |
rc = TPM_RC_SIZE;
|
|
|
20abf0 |
+ target->count = 0; // libtpms added
|
|
|
20abf0 |
}
|
|
|
20abf0 |
}
|
|
|
20abf0 |
for (i = 0 ; (rc == TPM_RC_SUCCESS) && (i < target->count) ; i++) {
|
|
|
20abf0 |
@@ -2066,6 +2077,7 @@ TPML_TAGGED_TPM_PROPERTY_Unmarshal(TPML_TAGGED_TPM_PROPERTY *target, BYTE **buf
|
|
|
20abf0 |
if (rc == TPM_RC_SUCCESS) {
|
|
|
20abf0 |
if (target->count > MAX_TPM_PROPERTIES) {
|
|
|
20abf0 |
rc = TPM_RC_SIZE;
|
|
|
20abf0 |
+ target->count = 0; // libtpms added
|
|
|
20abf0 |
}
|
|
|
20abf0 |
}
|
|
|
20abf0 |
for (i = 0 ; (rc == TPM_RC_SUCCESS) && (i < target->count) ; i++) {
|
|
|
20abf0 |
@@ -2088,6 +2100,7 @@ TPML_TAGGED_PCR_PROPERTY_Unmarshal(TPML_TAGGED_PCR_PROPERTY *target, BYTE **buff
|
|
|
20abf0 |
if (rc == TPM_RC_SUCCESS) {
|
|
|
20abf0 |
if (target->count > MAX_PCR_PROPERTIES) {
|
|
|
20abf0 |
rc = TPM_RC_SIZE;
|
|
|
20abf0 |
+ target->count = 0; // libtpms added
|
|
|
20abf0 |
}
|
|
|
20abf0 |
}
|
|
|
20abf0 |
for (i = 0 ; (rc == TPM_RC_SUCCESS) && (i < target->count) ; i++) {
|
|
|
20abf0 |
@@ -2110,6 +2123,7 @@ TPML_ECC_CURVE_Unmarshal(TPML_ECC_CURVE *target, BYTE **buffer, INT32 *size)
|
|
|
20abf0 |
if (rc == TPM_RC_SUCCESS) {
|
|
|
20abf0 |
if (target->count > MAX_ECC_CURVES) {
|
|
|
20abf0 |
rc = TPM_RC_SIZE;
|
|
|
20abf0 |
+ target->count = 0; // libtpms added
|
|
|
20abf0 |
}
|
|
|
20abf0 |
}
|
|
|
20abf0 |
for (i = 0 ; (rc == TPM_RC_SUCCESS) && (i < target->count) ; i++) {
|
|
|
20abf0 |
@@ -2132,6 +2146,7 @@ TPML_TAGGED_POLICY_Unmarshal(TPML_TAGGED_POLICY *target, BYTE **buffer, INT32 *s
|
|
|
20abf0 |
if (rc == TPM_RC_SUCCESS) {
|
|
|
20abf0 |
if (target->count > MAX_TAGGED_POLICIES) {
|
|
|
20abf0 |
rc = TPM_RC_SIZE;
|
|
|
20abf0 |
+ target->count = 0; // libtpms added
|
|
|
20abf0 |
}
|
|
|
20abf0 |
}
|
|
|
20abf0 |
for (i = 0 ; (rc == TPM_RC_SUCCESS) && (i < target->count) ; i++) {
|
|
|
20abf0 |
@@ -2781,6 +2796,7 @@ TPM2B_SENSITIVE_CREATE_Unmarshal(TPM2B_SENSITIVE_CREATE *target, BYTE **buffer,
|
|
|
20abf0 |
if (rc == TPM_RC_SUCCESS) {
|
|
|
20abf0 |
if (target->size != startSize - *size) {
|
|
|
20abf0 |
rc = TPM_RC_SIZE;
|
|
|
20abf0 |
+ target->size = 0; // libtpms added
|
|
|
20abf0 |
}
|
|
|
20abf0 |
}
|
|
|
20abf0 |
return rc;
|
|
|
20abf0 |
@@ -3540,6 +3556,7 @@ TPM2B_ECC_POINT_Unmarshal(TPM2B_ECC_POINT *target, BYTE **buffer, INT32 *size)
|
|
|
20abf0 |
if (rc == TPM_RC_SUCCESS) {
|
|
|
20abf0 |
if (target->size != startSize - *size) {
|
|
|
20abf0 |
rc = TPM_RC_SIZE;
|
|
|
20abf0 |
+ target->size = 0; // libtpms added
|
|
|
20abf0 |
}
|
|
|
20abf0 |
}
|
|
|
20abf0 |
return rc;
|
|
|
20abf0 |
@@ -4063,6 +4080,7 @@ TPM2B_PUBLIC_Unmarshal(TPM2B_PUBLIC *target, BYTE **buffer, INT32 *size, BOOL al
|
|
|
20abf0 |
if (rc == TPM_RC_SUCCESS) {
|
|
|
20abf0 |
if (target->size != startSize - *size) {
|
|
|
20abf0 |
rc = TPM_RC_SIZE;
|
|
|
20abf0 |
+ target->size = 0; // libtpms added
|
|
|
20abf0 |
}
|
|
|
20abf0 |
}
|
|
|
20abf0 |
return rc;
|
|
|
20abf0 |
@@ -4158,6 +4176,7 @@ TPM2B_SENSITIVE_Unmarshal(TPM2B_SENSITIVE *target, BYTE **buffer, INT32 *size)
|
|
|
20abf0 |
if (rc == TPM_RC_SUCCESS) {
|
|
|
20abf0 |
if (target->size != startSize - *size) {
|
|
|
20abf0 |
rc = TPM_RC_SIZE;
|
|
|
20abf0 |
+ target->size = 0; // libtpms added
|
|
|
20abf0 |
}
|
|
|
20abf0 |
}
|
|
|
20abf0 |
}
|
|
|
20abf0 |
@@ -4233,6 +4252,7 @@ TPMS_NV_PUBLIC_Unmarshal(TPMS_NV_PUBLIC *target, BYTE **buffer, INT32 *size)
|
|
|
20abf0 |
if (rc == TPM_RC_SUCCESS) {
|
|
|
20abf0 |
if (target->dataSize > MAX_NV_INDEX_SIZE) {
|
|
|
20abf0 |
rc = TPM_RC_SIZE;
|
|
|
20abf0 |
+ target->dataSize = 0; // libtpms added
|
|
|
20abf0 |
}
|
|
|
20abf0 |
}
|
|
|
20abf0 |
return rc;
|
|
|
20abf0 |
@@ -4263,6 +4283,7 @@ TPM2B_NV_PUBLIC_Unmarshal(TPM2B_NV_PUBLIC *target, BYTE **buffer, INT32 *size)
|
|
|
20abf0 |
if (rc == TPM_RC_SUCCESS) {
|
|
|
20abf0 |
if (target->size != startSize - *size) {
|
|
|
20abf0 |
rc = TPM_RC_SIZE;
|
|
|
20abf0 |
+ target->size = 0; // libtpms added
|
|
|
20abf0 |
}
|
|
|
20abf0 |
}
|
|
|
20abf0 |
return rc;
|
|
|
20abf0 |
--
|
|
|
20abf0 |
2.29.0
|
|
|
20abf0 |
|