coreboot-mirror
/
seabios
mirror of https://review.coreboot.org/seabios.git
1
0
Fork 0
Code Issues Releases Wiki Activity

tcgbios: Check for enough bytes returned from TPM2_GetCapability 

When querying a TPM 2.0 for its PCRs, make sure that we get enough bytes
from it in a response that did not indicate a failure. Basically we are
defending against a TPM 2.0 sending responses that are not compliant to
the specs.

Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
This commit is contained in:
Stefan Berger 2019-11-06 16:36:00 -05:00 committed by Kevin O'Connor
parent 0672bd3b6a
commit 0594486b63
1 changed files with 11 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
src/tcgbios.c
View File

@ -481,8 +481,17 @@ tpm20_get_pcrbanks(void)
if (ret)
return ret;
u32 size = be32_to_cpu(trg->hdr.totlen) -
offsetof(struct tpm2_res_getcapability, data);
/* defend against (broken) TPM sending packets that are too short */
u32 resplen = be32_to_cpu(trg->hdr.totlen);
if (resplen <= offsetof(struct tpm2_res_getcapability, data))
return -1;
u32 size = resplen - offsetof(struct tpm2_res_getcapability, data);
/* we need a valid tpml_pcr_selection up to and including sizeOfSelect */
if (size < offsetof(struct tpml_pcr_selection, selections) +
offsetof(struct tpms_pcr_selection, pcrSelect))
return -1;
tpm20_pcr_selection = malloc_high(size);
if (tpm20_pcr_selection) {
memcpy(tpm20_pcr_selection, &trg->data, size);