| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <f6ab30f39a14550b6fc111feb83b2657006b8b8c.camel@HansenPartnership.com>
Date: Mon, 15 Jul 2024 07:52:16 -0400
From: James Bottomley <James.Bottomley@...senPartnership.com>
To: Jarkko Sakkinen <jarkko@...nel.org>, Hao Ge <hao.ge@...ux.dev>,
peterhuewe@....de, jgg@...pe.ca
Cc: linux-integrity@...r.kernel.org, linux-kernel@...r.kernel.org, Hao Ge
<gehao@...inos.cn>
Subject: Re: [PATCH] tpm: Move dereference after NULL check in
tpm_buf_check_hmac_response
On Mon, 2024-07-15 at 14:25 +0300, Jarkko Sakkinen wrote:
> On Tue Jul 9, 2024 at 5:33 AM EEST, Hao Ge wrote:
> > From: Hao Ge <gehao@...inos.cn>
> >
> > We shouldn't dereference "auth" until after we have checked that it
> > is
> > non-NULL.
> >
> > Fixes: 7ca110f2679b ("tpm: Address !chip->auth in
> > tpm_buf_append_hmac_session*()")
> > Signed-off-by: Hao Ge <gehao@...inos.cn>
>
> Also lacking:
>
> Reported-by: Dan Carpenter <dan.carpenter@...aro.org>
> Closes:
> https://lore.kernel.org/linux-integrity/3b1755a9-b12f-42fc-b26d-de2fe4e13ec2@stanley.mountain/T/#u
>
> What is happening here is that my commit exposed pre-existing bug to
> static analysis but it did not introduce a new regression.
Actually, it didn't. The previous design was sessions were config
determined and either auth would be non-NULL or attach would fail. You
chose with this series to make auth the indicator of whether sessions
should be used, and before this auth could not be NULL so no bug
existed.
Consider also the fidelity of the Fixes tag for stable: this commit
needs backporting with 7ca110f2679b and Fixes should identify that
James
Powered by blists - more mailing lists