| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20200928171238.GB119268@linux.intel.com>
Date: Mon, 28 Sep 2020 20:12:39 +0300
From: Jarkko Sakkinen <jarkko.sakkinen@...ux.intel.com>
To: Ard Biesheuvel <ardb@...nel.org>
Cc: Kai-Heng Feng <kai.heng.feng@...onical.com>,
"Kenneth R. Crudup" <kenny@...ix.com>,
Tyler Hicks <tyhicks@...ux.microsoft.com>,
linux-integrity <linux-integrity@...r.kernel.org>,
open list <linux-kernel@...r.kernel.org>,
Matthew Garrett <mjg59@...gle.com>, tweek@...gle.com
Subject: Re: [Regression] "tpm: Require that all digests are present in
TCG_PCR_EVENT2 structures" causes null pointer dereference
On Mon, Sep 28, 2020 at 06:15:00PM +0200, Ard Biesheuvel wrote:
> > > > It is possible but initially feels a bit weird:
> > > >
> > > > - sizeof(TCG_SPECID_SIG)) || count > efispecid->num_algs) {
> > > > + sizeof(TCG_SPECID_SIG)) ||
> > > > + !efispecid->num_algs || count != efispecid->num_algs) {
^^^
> In tpm2_bios_measurements_start(), we dereference tpm_bios_log to
> access bios_event_log and bios_event_log_end without checking tpm_bios
> for NULL. This is where the crash seems to occur.
That's a good guess. Just a bit confused how that particular patch can
have the effect: it has two deferences to efispecid instead of one in
the same statement. Would be interesting to hear if the bug is triggered
in Kenneth's environment by the exact same commit.
/Jarkko
Powered by blists - more mailing lists