| Message ID | 1484057900-17871-1-git-send-email-stefanb@linux.vnet.ibm.com (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
On Tue, Jan 10, 2017 at 09:18:11AM -0500, Stefan Berger wrote: > Make sure that we have not received less bytes than what is indicated > in the header of the TPM response. IMHO this entire series should be tagged for stable, can you please add a Cc: and Fixes: Thanks, Jason -- To unsubscribe from this list: send the line "unsubscribe linux-security-module" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
On 01/10/2017 11:15 AM, Jason Gunthorpe wrote: > On Tue, Jan 10, 2017 at 09:18:11AM -0500, Stefan Berger wrote: >> Make sure that we have not received less bytes than what is indicated >> in the header of the TPM response. > IMHO this entire series should be tagged for stable, can you please > add a Cc: and Fixes: I don't have a way to test all the commands to make sure whether one is now failing. Several ones for TPM 1.2 are reachable via sysfs, but not so easy for TPM2. So I would suggest to try it out first, then propagate it into stable after some time. Stefan > > Thanks, > Jason > -- To unsubscribe from this list: send the line "unsubscribe linux-security-module" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
On Tue, Jan 10, 2017 at 09:18:11AM -0500, Stefan Berger wrote: > Make sure that we have not received less bytes than what is indicated > in the header of the TPM response. > > Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com> NAK for the whole patch set as it is missing the cover letter. Also you should pick my validation patch to this patch set and do the check inside the new function. /Jarkko > --- > drivers/char/tpm/tpm-interface.c | 2 ++ > 1 file changed, 2 insertions(+) > > diff --git a/drivers/char/tpm/tpm-interface.c b/drivers/char/tpm/tpm-interface.c > index fecdd3f..9d6f894 100644 > --- a/drivers/char/tpm/tpm-interface.c > +++ b/drivers/char/tpm/tpm-interface.c > @@ -446,6 +446,8 @@ ssize_t tpm_transmit_cmd(struct tpm_chip *chip, const void *cmd, > return -EFAULT; > > header = cmd; > + if (len < be32_to_cpu(header->length)) > + return -EFAULT; > > err = be32_to_cpu(header->return_code); > if (err != 0 && desc) > -- > 2.4.3 > -- To unsubscribe from this list: send the line "unsubscribe linux-security-module" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
diff --git a/drivers/char/tpm/tpm-interface.c b/drivers/char/tpm/tpm-interface.c index fecdd3f..9d6f894 100644 --- a/drivers/char/tpm/tpm-interface.c +++ b/drivers/char/tpm/tpm-interface.c @@ -446,6 +446,8 @@ ssize_t tpm_transmit_cmd(struct tpm_chip *chip, const void *cmd, return -EFAULT; header = cmd; + if (len < be32_to_cpu(header->length)) + return -EFAULT; err = be32_to_cpu(header->return_code); if (err != 0 && desc)
Make sure that we have not received less bytes than what is indicated in the header of the TPM response. Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com> --- drivers/char/tpm/tpm-interface.c | 2 ++ 1 file changed, 2 insertions(+)