lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date:   Mon, 06 Nov 2023 05:22:26 +0200
From:   Jarkko Sakkinen <jarkko@...nel.org>
To:     James Bottomley <James.Bottomley@...senPartnership.com>,
        linux-integrity@...r.kernel.org
Cc:     keyrings@...r.kernel.org,
        William Roberts <bill.c.roberts@...il.com>,
        Stefan Berger <stefanb@...ux.ibm.com>,
        David Howells <dhowells@...hat.com>,
        Jason Gunthorpe <jgg@...pe.ca>,
        Mimi Zohar <zohar@...ux.ibm.com>,
        Peter Huewe <peterhuewe@....de>,
        Mario Limonciello <mario.limonciello@....com>,
        Julien Gomes <julien@...sta.com>,
        Jerry Snitselaar <jsnitsel@...hat.com>,
        open list <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH v3 5/6] tpm: Add tpm_buf_read_{u8,u16,u32}

On Fri, 2023-10-27 at 08:24 -0400, James Bottomley wrote:
> On Tue, 2023-10-24 at 04:15 +0300, Jarkko Sakkinen wrote:
> > +++ b/drivers/char/tpm/tpm-buf.c
> > @@ -124,3 +124,72 @@ void tpm_buf_append_u32(struct tpm_buf *buf,
> > const u32 value)
> >         tpm_buf_append(buf, (u8 *)&value2, 4);
> >  }
> >  EXPORT_SYMBOL_GPL(tpm_buf_append_u32);
> > +
> > +/**
> > + * tpm_buf_read() - Read from a TPM buffer
> > + * @buf:       &tpm_buf instance
> > + * @offset:    offset within the buffer
> > + * @count:     the number of bytes to read
> > + * @output:    the output buffer
> > + */
> > +static void tpm_buf_read(const struct tpm_buf *buf, off_t *offset,
> > size_t count, void *output)
> > +{
> > +       if (*(offset + count) >= buf->length) {
> 
> I don't think you mean that; it's dereferencing a random location in
> the stack, which is why I see this check trip randomly when testing.  I
> think you mean
> 
> if (*offset + count >= buf->length) {
> 
> James

Yes, true! Thank you.

BR, Jarkko

Powered by blists - more mailing lists