| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20250410103442.17746-1-purvayeshi550@gmail.com>
Date: Thu, 10 Apr 2025 16:04:42 +0530
From: Purva Yeshi <purvayeshi550@...il.com>
To: peterhuewe@....de,
jarkko@...nel.org
Cc: jgg@...pe.ca,
linux-integrity@...r.kernel.org,
linux-kernel@...r.kernel.org,
Purva Yeshi <purvayeshi550@...il.com>
Subject: [PATCH v2] char: tpm: tpm-buf: Add sanity check fallback in read helpers
Fix Smatch-detected issue:
drivers/char/tpm/tpm-buf.c:208 tpm_buf_read_u8() error:
uninitialized symbol 'value'.
drivers/char/tpm/tpm-buf.c:225 tpm_buf_read_u16() error:
uninitialized symbol 'value'.
drivers/char/tpm/tpm-buf.c:242 tpm_buf_read_u32() error:
uninitialized symbol 'value'.
Zero-initialize the return values in tpm_buf_read_u8(),
tpm_buf_read_u16(), and tpm_buf_read_u32() to guard against
uninitialized data in case of a boundary overflow.
Add defensive initialization ensures the return values are
always defined, preventing undefined behavior if the unexpected
happens.
Signed-off-by: Purva Yeshi <purvayeshi550@...il.com>
---
V1 - https://lore.kernel.org/all/20250409205536.210202-1-purvayeshi550@gmail.com/
V2 - Update commit message to clarify patch adds a sanity check
drivers/char/tpm/tpm-buf.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/drivers/char/tpm/tpm-buf.c b/drivers/char/tpm/tpm-buf.c
index e49a19fea3bd..dc882fc9fa9e 100644
--- a/drivers/char/tpm/tpm-buf.c
+++ b/drivers/char/tpm/tpm-buf.c
@@ -201,7 +201,7 @@ static void tpm_buf_read(struct tpm_buf *buf, off_t *offset, size_t count, void
*/
u8 tpm_buf_read_u8(struct tpm_buf *buf, off_t *offset)
{
- u8 value;
+ u8 value = 0;
tpm_buf_read(buf, offset, sizeof(value), &value);
@@ -218,7 +218,7 @@ EXPORT_SYMBOL_GPL(tpm_buf_read_u8);
*/
u16 tpm_buf_read_u16(struct tpm_buf *buf, off_t *offset)
{
- u16 value;
+ u16 value = 0;
tpm_buf_read(buf, offset, sizeof(value), &value);
@@ -235,7 +235,7 @@ EXPORT_SYMBOL_GPL(tpm_buf_read_u16);
*/
u32 tpm_buf_read_u32(struct tpm_buf *buf, off_t *offset)
{
- u32 value;
+ u32 value = 0;
tpm_buf_read(buf, offset, sizeof(value), &value);
--
2.34.1
Powered by blists - more mailing lists