代码拉取完成,页面将自动刷新
Fork 仓库
加载中
确定同步?
同步操作将从 src-openEuler/libtpms 强制同步,此操作会覆盖自 Fork 仓库以来所做的任何修改,且无法恢复!!!
确定后同步将在后台操作,完成时将刷新页面,请耐心等待。
tpm2-Reset-TPM2B-buffer-sizes-after-test-fails-for-v.patch
7.26 KB
yezengruan
提交于
2022-05-18 15:47
.
fix CVE-2021-3623
123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202
From aa4f8ee9f23e2a87f704ef1b81de12594480de96 Mon Sep 17 00:00:00 2001
From: Stefan Berger <stefanb@linux.vnet.ibm.com>
Date: Mon, 21 Jun 2021 14:04:34 -0400
Subject: [PATCH 1/3] tpm2: Reset TPM2B buffer sizes after test fails for valid
buffer size
Reset the buffer size indicator in a TPM2B type of buffer after it failed
the test for the maximum buffer size it allows. This prevents having bad
buffer sizes in memory that can come to haunt us when writing the volatile
state for example.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
---
src/tpm2/NVMarshal.c | 1 +
src/tpm2/Unmarshal.c | 21 +++++++++++++++++++++
2 files changed, 22 insertions(+)
diff --git a/src/tpm2/NVMarshal.c b/src/tpm2/NVMarshal.c
index 7c140ea..8f77fa2 100644
--- a/src/tpm2/NVMarshal.c
+++ b/src/tpm2/NVMarshal.c
@@ -1473,6 +1473,7 @@ bn_prime_t_Unmarshal(bn_prime_t *data, BYTE **buffer, INT32 *size)
"allocated %zu\n",
(size_t)data->size, (size_t)data->allocated);
rc = TPM_RC_SIZE;
+ data->size = 0;
}
}
diff --git a/src/tpm2/Unmarshal.c b/src/tpm2/Unmarshal.c
index 9a1d723..bac7d76 100644
--- a/src/tpm2/Unmarshal.c
+++ b/src/tpm2/Unmarshal.c
@@ -137,6 +137,7 @@ TPM2B_Unmarshal(TPM2B *target, UINT16 targetSize, BYTE **buffer, INT32 *size)
if (rc == TPM_RC_SUCCESS) {
if (target->size > targetSize) {
rc = TPM_RC_SIZE;
+ target->size = 0; // libtpms added
}
}
if (rc == TPM_RC_SUCCESS) {
@@ -1617,6 +1618,7 @@ TPMS_PCR_SELECTION_Unmarshal(TPMS_PCR_SELECTION *target, BYTE **buffer, INT32 *s
if ((target->sizeofSelect < PCR_SELECT_MIN) ||
(target->sizeofSelect > PCR_SELECT_MAX)) {
rc = TPM_RC_VALUE;
+ target->sizeofSelect = 0; // libtpms added
}
}
if (rc == TPM_RC_SUCCESS) {
@@ -1787,6 +1789,7 @@ TPML_CC_Unmarshal(TPML_CC *target, BYTE **buffer, INT32 *size)
if (rc == TPM_RC_SUCCESS) {
if (target->count > MAX_CAP_CC) {
rc = TPM_RC_SIZE;
+ target->count = 0; // libtpms added
}
}
for (i = 0 ; (rc == TPM_RC_SUCCESS) && (i < target->count) ; i++) {
@@ -1824,6 +1827,7 @@ TPML_CCA_Unmarshal(TPML_CCA *target, BYTE **buffer, INT32 *size)
if (rc == TPM_RC_SUCCESS) {
if (target->count > MAX_CAP_CC) {
rc = TPM_RC_SIZE;
+ target->count = 0; // libtpms added
}
}
for (i = 0 ; (rc == TPM_RC_SUCCESS) && (i < target->count) ; i++) {
@@ -1846,6 +1850,7 @@ TPML_ALG_Unmarshal(TPML_ALG *target, BYTE **buffer, INT32 *size)
if (rc == TPM_RC_SUCCESS) {
if (target->count > MAX_ALG_LIST_SIZE) {
rc = TPM_RC_SIZE;
+ target->count = 0; // libtpms added
}
}
for (i = 0 ; (rc == TPM_RC_SUCCESS) && (i < target->count) ; i++) {
@@ -1868,6 +1873,7 @@ TPML_HANDLE_Unmarshal(TPML_HANDLE *target, BYTE **buffer, INT32 *size)
if (rc == TPM_RC_SUCCESS) {
if (target->count > MAX_CAP_HANDLES) {
rc = TPM_RC_SIZE;
+ target->count = 0; // libtpms added
}
}
for (i = 0 ; (rc == TPM_RC_SUCCESS) && (i < target->count) ; i++) {
@@ -1895,11 +1901,13 @@ TPML_DIGEST_Unmarshal(TPML_DIGEST *target, BYTE **buffer, INT32 *size)
/* TPM side is hard coded to 2 minimum */
if (target->count < 2) {
rc = TPM_RC_SIZE;
+ target->count = 0; // libtpms added
}
}
if (rc == TPM_RC_SUCCESS) {
if (target->count > 8) {
rc = TPM_RC_SIZE;
+ target->count = 0; // libtpms added
}
}
for (i = 0 ; (rc == TPM_RC_SUCCESS) && (i < target->count) ; i++) {
@@ -1922,6 +1930,7 @@ TPML_DIGEST_VALUES_Unmarshal(TPML_DIGEST_VALUES *target, BYTE **buffer, INT32 *s
if (rc == TPM_RC_SUCCESS) {
if (target->count > HASH_COUNT) {
rc = TPM_RC_SIZE;
+ target->count = 0; // libtpms added
}
}
for (i = 0 ; (rc == TPM_RC_SUCCESS) && (i < target->count) ; i++) {
@@ -1944,6 +1953,7 @@ TPML_PCR_SELECTION_Unmarshal(TPML_PCR_SELECTION *target, BYTE **buffer, INT32 *s
if (rc == TPM_RC_SUCCESS) {
if (target->count > HASH_COUNT) {
rc = TPM_RC_SIZE;
+ target->count = 0; // libtpms added
}
}
for (i = 0 ; (rc == TPM_RC_SUCCESS) && (i < target->count) ; i++) {
@@ -1967,6 +1977,7 @@ TPML_ALG_PROPERTY_Unmarshal(TPML_ALG_PROPERTY *target, BYTE **buffer, INT32 *siz
if (rc == TPM_RC_SUCCESS) {
if (target->count > MAX_CAP_ALGS) {
rc = TPM_RC_SIZE;
+ target->count = 0; // libtpms added
}
}
for (i = 0 ; (rc == TPM_RC_SUCCESS) && (i < target->count) ; i++) {
@@ -1989,6 +2000,7 @@ TPML_TAGGED_TPM_PROPERTY_Unmarshal(TPML_TAGGED_TPM_PROPERTY *target, BYTE **buf
if (rc == TPM_RC_SUCCESS) {
if (target->count > MAX_TPM_PROPERTIES) {
rc = TPM_RC_SIZE;
+ target->count = 0; // libtpms added
}
}
for (i = 0 ; (rc == TPM_RC_SUCCESS) && (i < target->count) ; i++) {
@@ -2011,6 +2023,7 @@ TPML_TAGGED_PCR_PROPERTY_Unmarshal(TPML_TAGGED_PCR_PROPERTY *target, BYTE **buff
if (rc == TPM_RC_SUCCESS) {
if (target->count > MAX_PCR_PROPERTIES) {
rc = TPM_RC_SIZE;
+ target->count = 0; // libtpms added
}
}
for (i = 0 ; (rc == TPM_RC_SUCCESS) && (i < target->count) ; i++) {
@@ -2033,6 +2046,7 @@ TPML_ECC_CURVE_Unmarshal(TPML_ECC_CURVE *target, BYTE **buffer, INT32 *size)
if (rc == TPM_RC_SUCCESS) {
if (target->count > MAX_ECC_CURVES) {
rc = TPM_RC_SIZE;
+ target->count = 0; // libtpms added
}
}
for (i = 0 ; (rc == TPM_RC_SUCCESS) && (i < target->count) ; i++) {
@@ -2055,6 +2069,7 @@ TPML_TAGGED_POLICY_Unmarshal(TPML_TAGGED_POLICY *target, BYTE **buffer, INT32 *s
if (rc == TPM_RC_SUCCESS) {
if (target->count > MAX_TAGGED_POLICIES) {
rc = TPM_RC_SIZE;
+ target->count = 0; // libtpms added
}
}
for (i = 0 ; (rc == TPM_RC_SUCCESS) && (i < target->count) ; i++) {
@@ -2704,6 +2719,7 @@ TPM2B_SENSITIVE_CREATE_Unmarshal(TPM2B_SENSITIVE_CREATE *target, BYTE **buffer,
if (rc == TPM_RC_SUCCESS) {
if (target->size != startSize - *size) {
rc = TPM_RC_SIZE;
+ target->size = 0; // libtpms added
}
}
return rc;
@@ -3462,6 +3478,7 @@ TPM2B_ECC_POINT_Unmarshal(TPM2B_ECC_POINT *target, BYTE **buffer, INT32 *size)
if (rc == TPM_RC_SUCCESS) {
if (target->size != startSize - *size) {
rc = TPM_RC_SIZE;
+ target->size = 0; // libtpms added
}
}
return rc;
@@ -3985,6 +4002,7 @@ TPM2B_PUBLIC_Unmarshal(TPM2B_PUBLIC *target, BYTE **buffer, INT32 *size, BOOL al
if (rc == TPM_RC_SUCCESS) {
if (target->size != startSize - *size) {
rc = TPM_RC_SIZE;
+ target->size = 0; // libtpms added
}
}
return rc;
@@ -4080,6 +4098,7 @@ TPM2B_SENSITIVE_Unmarshal(TPM2B_SENSITIVE *target, BYTE **buffer, INT32 *size)
if (rc == TPM_RC_SUCCESS) {
if (target->size != startSize - *size) {
rc = TPM_RC_SIZE;
+ target->size = 0; // libtpms added
}
}
}
@@ -4155,6 +4174,7 @@ TPMS_NV_PUBLIC_Unmarshal(TPMS_NV_PUBLIC *target, BYTE **buffer, INT32 *size)
if (rc == TPM_RC_SUCCESS) {
if (target->dataSize > MAX_NV_INDEX_SIZE) {
rc = TPM_RC_SIZE;
+ target->dataSize = 0; // libtpms added
}
}
return rc;
@@ -4185,6 +4205,7 @@ TPM2B_NV_PUBLIC_Unmarshal(TPM2B_NV_PUBLIC *target, BYTE **buffer, INT32 *size)
if (rc == TPM_RC_SUCCESS) {
if (target->size != startSize - *size) {
rc = TPM_RC_SIZE;
+ target->size = 0; // libtpms added
}
}
return rc;
--
2.27.0
举报
请认真填写举报原因,尽可能描述详细。
请选择举报类型
误判申诉
此处可能存在不合适展示的内容,页面不予展示。您可通过相关编辑功能自查并修改。
如您确认内容无涉及 不当用语 / 纯广告导流 / 暴力 / 低俗色情 / 侵权 / 盗版 / 虚假 / 无价值内容或违法国家有关法律法规的内容,可点击提交进行申诉,我们将尽快为您处理。
马建仓 AI 助手
尝试更多
代码解读
代码找茬
代码优化