lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-Id: <D2QWRJMX5UZY.3EO7G8DMPU1ZQ@kernel.org>
Date: Tue, 16 Jul 2024 13:57:39 +0300
From: "Jarkko Sakkinen" <jarkko@...nel.org>
To: "Jarkko Sakkinen" <jarkko@...nel.org>, "Hao Ge" <hao.ge@...ux.dev>,
 <peterhuewe@....de>, <jgg@...pe.ca>
Cc: <linux-integrity@...r.kernel.org>, <linux-kernel@...r.kernel.org>, "Hao
 Ge" <gehao@...inos.cn>
Subject: Re: [PATCH] tpm: Move dereference after NULL check in
 tpm_buf_check_hmac_response

On Tue Jul 16, 2024 at 1:33 PM EEST, Jarkko Sakkinen wrote:
> On Tue Jul 9, 2024 at 5:33 AM EEST, Hao Ge wrote:
> > From: Hao Ge <gehao@...inos.cn>
> >
> > We shouldn't dereference "auth" until after we have checked that it is
> > non-NULL.
> >
> > Fixes: 7ca110f2679b ("tpm: Address !chip->auth in tpm_buf_append_hmac_session*()")
> > Signed-off-by: Hao Ge <gehao@...inos.cn>
> > ---
> >  drivers/char/tpm/tpm2-sessions.c | 5 +++--
> >  1 file changed, 3 insertions(+), 2 deletions(-)
> >
> > diff --git a/drivers/char/tpm/tpm2-sessions.c b/drivers/char/tpm/tpm2-sessions.c
> > index 2281d55df545..d3521aadd43e 100644
> > --- a/drivers/char/tpm/tpm2-sessions.c
> > +++ b/drivers/char/tpm/tpm2-sessions.c
> > @@ -746,15 +746,16 @@ int tpm_buf_check_hmac_response(struct tpm_chip *chip, struct tpm_buf *buf,
> >  	struct tpm2_auth *auth = chip->auth;
> >  	off_t offset_s, offset_p;
> >  	u8 rphash[SHA256_DIGEST_SIZE];
> > -	u32 attrs;
> > +	u32 attrs, cc;
> >  	struct sha256_state sctx;
> >  	u16 tag = be16_to_cpu(head->tag);
> > -	u32 cc = be32_to_cpu(auth->ordinal);
> >  	int parm_len, len, i, handles;
> >  
> >  	if (!auth)
> >  		return rc;
> >  
> > +	cc = be32_to_cpu(auth->ordinal);
> > +
> >  	if (auth->session >= TPM_HEADER_SIZE) {
> >  		WARN(1, "tpm session not filled correctly\n");
> >  		goto out;
>
> Please check:
>
> https://git.kernel.org/pub/scm/linux/kernel/git/jarkko/linux-tpmdd.git/commit/?id=72d6e06ed101e31e943937e42053fc690dc75cfe

Changed to:

https://git.kernel.org/pub/scm/linux/kernel/git/jarkko/linux-tpmdd.git/commit/?id=7dc357d343f134bf59815ff6098b93503ec8a23b

Just fixed some typos.

BR, Jarkko

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ