diff mbox

[tpmdd-devel,01/10] tpm: Check received number of bytes against length indicator in header

Message ID 1484057900-17871-1-git-send-email-stefanb@linux.vnet.ibm.com
State New
Headers show

Commit Message

Stefan Berger Jan. 10, 2017, 2:18 p.m. UTC
Make sure that we have not received less bytes than what is indicated
in the header of the TPM response.

Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
---
 drivers/char/tpm/tpm-interface.c | 2 ++
 1 file changed, 2 insertions(+)

Comments

Jason Gunthorpe Jan. 10, 2017, 4:15 p.m. UTC | #1
On Tue, Jan 10, 2017 at 09:18:11AM -0500, Stefan Berger wrote:
> Make sure that we have not received less bytes than what is indicated
> in the header of the TPM response.

IMHO this entire series should be tagged for stable, can you please
add a Cc: and Fixes:

Thanks,
Jason

------------------------------------------------------------------------------
Developer Access Program for Intel Xeon Phi Processors
Access to Intel Xeon Phi processor-based developer platforms.
With one year of Intel Parallel Studio XE.
Training and support from Colfax.
Order your platform today. http://sdm.link/xeonphi
Stefan Berger Jan. 10, 2017, 7:59 p.m. UTC | #2
On 01/10/2017 11:15 AM, Jason Gunthorpe wrote:
> On Tue, Jan 10, 2017 at 09:18:11AM -0500, Stefan Berger wrote:
>> Make sure that we have not received less bytes than what is indicated
>> in the header of the TPM response.
> IMHO this entire series should be tagged for stable, can you please
> add a Cc: and Fixes:

I don't have a way to test all the commands to make sure whether one is 
now failing. Several ones for TPM 1.2 are reachable via sysfs, but not 
so easy for TPM2. So I would suggest to try it out first, then propagate 
it into stable after some time.

     Stefan

>
> Thanks,
> Jason
>


------------------------------------------------------------------------------
Developer Access Program for Intel Xeon Phi Processors
Access to Intel Xeon Phi processor-based developer platforms.
With one year of Intel Parallel Studio XE.
Training and support from Colfax.
Order your platform today. http://sdm.link/xeonphi
Jarkko Sakkinen Jan. 12, 2017, 2:45 p.m. UTC | #3
On Tue, Jan 10, 2017 at 09:18:11AM -0500, Stefan Berger wrote:
> Make sure that we have not received less bytes than what is indicated
> in the header of the TPM response.
> 
> Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>

NAK for the whole patch set as it is missing the cover letter.

Also you should pick my validation patch to this patch set and do the
check inside the new function.

/Jarkko

> ---
>  drivers/char/tpm/tpm-interface.c | 2 ++
>  1 file changed, 2 insertions(+)
> 
> diff --git a/drivers/char/tpm/tpm-interface.c b/drivers/char/tpm/tpm-interface.c
> index fecdd3f..9d6f894 100644
> --- a/drivers/char/tpm/tpm-interface.c
> +++ b/drivers/char/tpm/tpm-interface.c
> @@ -446,6 +446,8 @@ ssize_t tpm_transmit_cmd(struct tpm_chip *chip, const void *cmd,
>  		return -EFAULT;
>  
>  	header = cmd;
> +	if (len < be32_to_cpu(header->length))
> +		return -EFAULT;
>  
>  	err = be32_to_cpu(header->return_code);
>  	if (err != 0 && desc)
> -- 
> 2.4.3
> 

------------------------------------------------------------------------------
Developer Access Program for Intel Xeon Phi Processors
Access to Intel Xeon Phi processor-based developer platforms.
With one year of Intel Parallel Studio XE.
Training and support from Colfax.
Order your platform today. http://sdm.link/xeonphi
diff mbox

Patch

diff --git a/drivers/char/tpm/tpm-interface.c b/drivers/char/tpm/tpm-interface.c
index fecdd3f..9d6f894 100644
--- a/drivers/char/tpm/tpm-interface.c
+++ b/drivers/char/tpm/tpm-interface.c
@@ -446,6 +446,8 @@  ssize_t tpm_transmit_cmd(struct tpm_chip *chip, const void *cmd,
 		return -EFAULT;
 
 	header = cmd;
+	if (len < be32_to_cpu(header->length))
+		return -EFAULT;
 
 	err = be32_to_cpu(header->return_code);
 	if (err != 0 && desc)