lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <1bceb239-4f18-41c9-b6c7-acd4ce08ba8d@gmail.com>
Date: Thu, 10 Apr 2025 15:14:34 +0530
From: Purva Yeshi <purvayeshi550@...il.com>
To: Jarkko Sakkinen <jarkko@...nel.org>,
 Stefano Garzarella <sgarzare@...hat.com>
Cc: peterhuewe@....de, jgg@...pe.ca, linux-integrity@...r.kernel.org,
 linux-kernel@...r.kernel.org
Subject: Re: [PATCH] char: tpm: tpm-buf: Fix uninitialized return values in
 read helpers

On 10/04/25 14:24, Jarkko Sakkinen wrote:
> On Thu, Apr 10, 2025 at 09:51:09AM +0200, Stefano Garzarella wrote:
>> On Thu, Apr 10, 2025 at 09:14:58AM +0300, Jarkko Sakkinen wrote:
>>> On Thu, Apr 10, 2025 at 02:25:36AM +0530, Purva Yeshi wrote:
>>>> Fix Smatch-detected error:
> 
> Empty line and s/error/issue/.
> 
>>>> drivers/char/tpm/tpm-buf.c:208 tpm_buf_read_u8() error:
>>>> uninitialized symbol 'value'.
>>>> drivers/char/tpm/tpm-buf.c:225 tpm_buf_read_u16() error:
>>>> uninitialized symbol 'value'.
>>>> drivers/char/tpm/tpm-buf.c:242 tpm_buf_read_u32() error:
>>>> uninitialized symbol 'value'.
>>>>
>>>> Call tpm_buf_read() to populate value but do not check its return
>>>> status. If the read fails, value remains uninitialized, causing
>>>> undefined behavior when returned or processed.
>>>>
>>>> Initialize value to zero to ensure a defined return even if
>>>> tpm_buf_read() fails, avoiding undefined behavior from using
>>>> an uninitialized variable.
>>>
>>> How does tpm_buf_read() fail?
>>
>> If TPM_BUF_BOUNDARY_ERROR is set (or we are setting it), we are effectively
>> returning random stack bytes to the caller.
>> Could this be a problem?
> 
> It should never happen, if the kernel is working correctly. The commit
> message implies a legit failure scenario, which would imply that the
> patch is a bug fix, which it actually is not.
> 
> "Add a sanity check for boundary overflow, and zero out the value,
> if the unexpected happens" is what this patch actually does. I.e.,
> code change acceptable, commit message is all wrong.

Understood now. I’ll update the commit message to clearly state this is 
a sanity check for unexpected boundary overflows. Thanks for the 
clarification!

> 
>>
>> If it is, maybe instead of this patch, we could set `*output` to zero in the
>> error path of tpm_buf_read(). Or return an error from tpm_buf_read() so
>> callers can return 0 or whatever they want.
>>
>> Thanks,
>> Stefano
>>
>>
> 
> BR, Jarkko

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ