[tpmdd-devel] Fix unallocated memory access in TPM eventlog code

Message ID 1456873414-6127-1-git-send-email-mjg59@coreos.com
State New

Commit Message

Matthew Garrett March 1, 2016, 11:03 p.m. UTC
Commit 0cc698 added support for handling endian fixups in the event log code
but broke the binary log file in the process. Keep the endian code, but read
the event data from the actual event rather than from unallocated RAM.

Signed-off-by: Matthew Garrett <mjg59@coreos.com>
Cc: stable@kernel.org
---
Should be applied to 4.4
 drivers/char/tpm/tpm_eventlog.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

Comments

Matthew Garrett March 2, 2016, 12:22 a.m. UTC | #1
On Tue, Mar 1, 2016 at 4:03 PM, Jason Gunthorpe
<jgunthorpe@obsidianresearch.com> wrote:
> https://git.kernel.org/cgit/linux/kernel/git/jmorris/linux-security.git/commit/drivers/char/tpm/tpm_eventlog.c?h=next&id=186d124f07da193a8f47e491af85cb695d415f2f
>
> Already on its way to mainline.

Works for me.


Patch

diff --git a/drivers/char/tpm/tpm_eventlog.c b/drivers/char/tpm/tpm_eventlog.c
index bd72fb0..e47092c 100644
--- a/drivers/char/tpm/tpm_eventlog.c
+++ b/drivers/char/tpm/tpm_eventlog.c
@@ -244,7 +244,12 @@  static int tpm_binary_bios_measurements_show(struct seq_file *m, void *v)
 
 	tempPtr = (char *)&temp_event;
 
-	for (i = 0; i < sizeof(struct tcpa_event) + temp_event.event_size; i++)
+	for (i = 0; i < sizeof(struct tcpa_event); i++)
+		seq_putc(m, tempPtr[i]);
+
+	tempPtr = (char *)&event->event_data;
+
+	for (i = 0; i < temp_event.event_size; i++)
 		seq_putc(m, tempPtr[i]);
 
 	return 0;
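
Review bot: the second loop, `for (i = 0; i < temp_event.event_size; i++)`, walks `event->event_data` for a length that is read out of the log entry, and nothing in this hunk bounds that length against the end of the log buffer. If the iterator that hands `event` to this show function does not already reject an `event_size` that runs past the buffer, a check is needed here; either way, a one-line comment saying where that validation happens would help. A second comment noting that the header is emitted from the fixed-up `temp_event` while the payload comes from the original `event` would also be useful, because reusing `tempPtr` for two different objects makes that easy to miss. Two `seq_write()` calls, one per region, would read more clearly than two `seq_putc()` loops.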