| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20170530045208.vqnik6t3zulp4mxe@intel.com>
Date: Tue, 30 May 2017 07:52:08 +0300
From: Jarkko Sakkinen <jarkko.sakkinen@...ux.intel.com>
To: Jason Gunthorpe <jgunthorpe@...idianresearch.com>
Cc: tpmdd-devel@...ts.sourceforge.net,
linux-security-module@...r.kernel.org,
Peter Huewe <peterhuewe@....de>,
Marcel Selhorst <tpmdd@...horst.net>,
open list <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH RFC] tpm: migrate pubek_show to struct tpm_buf
On Thu, May 25, 2017 at 04:40:50PM -0600, Jason Gunthorpe wrote:
> On Thu, May 25, 2017 at 03:28:01PM -0700, Jarkko Sakkinen wrote:
> > On Thu, May 25, 2017 at 03:16:13PM -0600, Jason Gunthorpe wrote:
> > > On Thu, May 25, 2017 at 02:11:04PM -0700, Jarkko Sakkinen wrote:
> > > > struct tpm_chip *chip = to_tpm_chip(dev);
> > > > + char anti_replay[20];
> > > >
> > > > - tpm_cmd.header.in = tpm_readpubek_header;
> > > > - err = tpm_transmit_cmd(chip, NULL, &tpm_cmd, READ_PUBEK_RESULT_SIZE,
> > > > + rc = tpm_buf_init(&tpm_buf, TPM_TAG_RQU_COMMAND, TPM_ORD_READPUBEK);
> > > > + if (rc)
> > > > + return rc;
> > > > +
> > > > + /* The checksum is ignored so it doesn't matter what the contents are.
> > > > + */
> > > > + tpm_buf_append(&tpm_buf, anti_replay, sizeof(anti_replay));
> > >
> > > It does matter, we do not want to leak random kernel memory incase it
> > > has something sensitive. Zero anti_replay.
> >
> > If there was a leak it has existed before this change as tpm_cmd was
> > also allocated from stack. And there is not leak because the checksum is
> > not printed.
>
> It leaks stack memory to the TPM which is not OK.
Right, of course, vtpm_tpm_proxy.
/Jarkko
Powered by blists - more mailing lists