File 0001-tss2_rc-ensure-layer-number-is-in-bounds.patch of Package tpm2-0-tss.33671
From 306490c8d848c367faa2d9df81f5e69dab46ffb5 Mon Sep 17 00:00:00 2001
From: William Roberts <william.c.roberts@intel.com>
Date: Thu, 19 Jan 2023 11:53:06 -0600
Subject: [PATCH] tss2_rc: ensure layer number is in bounds

The layer handler array was defined as 255, the max number of uint8, which is the size of the layer field, however valid values are 0-255 allowing for 256 possibilities and thus the array was off by one and needed to be sized to 256 entries. Update the size and add tests. Note: previous implementations incorrectly dropped bits on unknown error output, ie TSS2_RC of 0xFFFFFF should yeild a string of 255:0xFFFFFF, but earlier implementations returned 255:0xFFFF, dropping the middle bits, this patch fixes that.
Fixes: CVE-2023-22745
Signed-off-by: William Roberts <william.c.roberts@intel.com>
---
 src/tss2-rc/tss2_rc.c | 31 +++++++++++++++++++++----------
 test/unit/test_tss2_rc.c | 21 ++++++++++++++++++++-
 2 files changed, 41 insertions(+), 11 deletions(-)
Index: tpm2-tss-3.1.0/src/tss2-rc/tss2_rc.c
===================================================================
--- tpm2-tss-3.1.0.orig/src/tss2-rc/tss2_rc.c
+++ tpm2-tss-3.1.0/src/tss2-rc/tss2_rc.c
@@ -1,5 +1,8 @@
 /* SPDX-License-Identifier: BSD-2-Clause */
-
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+#include <assert.h>
 #include <stdarg.h>
 #include <stdbool.h>
 #include <stdio.h>
@@ -834,7 +837,7 @@ tss_err_handler (TSS2_RC rc)
 static struct {
 char name[TSS2_ERR_LAYER_NAME_MAX];
 TSS2_RC_HANDLER handler;
-} layer_handler[TPM2_ERROR_TSS2_RC_LAYER_COUNT] = {
+} layer_handler[TPM2_ERROR_TSS2_RC_LAYER_COUNT + 1] = {
 ADD_HANDLER("tpm" , tpm2_ehandler),
 ADD_NULL_HANDLER, /* layer 1 is unused */
 ADD_NULL_HANDLER, /* layer 2 is unused */
@@ -869,7 +872,7 @@ unknown_layer_handler(TSS2_RC rc)
 static __thread char buf[32];

 clearbuf(buf);
- catbuf(buf, "0x%X", tpm2_error_get(rc));
+ catbuf(buf, "0x%X", rc);

 return buf;
 }
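Review bot: The `+ 1` in `layer_handler[TPM2_ERROR_TSS2_RC_LAYER_COUNT + 1]` corrects the size but leaves the reason implicit, so nothing prevents the constant and the array from drifting apart again. A comment above the declaration such as `/* one slot per 8-bit layer value, 0..255 */` would record the invariant the commit description gives. If the build allows C11, `_Static_assert(sizeof layer_handler / sizeof layer_handler[0] == 256, "one handler slot per layer value");` after the initializer would enforce it. The initializer runs past the end of this hunk and the code that indexes the array is not shown, so the index range at those sites should be confirmed separately.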
@@ -966,19 +969,27 @@ Tss2_RC_Decode(TSS2_RC rc)
 catbuf(buf, "%u:", layer);
 }

- handler = !handler ? unknown_layer_handler : handler;
-
 /*
 * Handlers only need the error bits. This way they don't
 * need to concern themselves with masking off the layer
 * bits or anything else.
 */
- UINT16 err_bits = tpm2_error_get(rc);
- const char *e = err_bits ? handler(err_bits) : "success";
- if (e) {
- catbuf(buf, "%s", e);
+ if (handler) {
+ UINT16 err_bits = tpm2_error_get(rc);
+ const char *e = err_bits ? handler(err_bits) : "success";
+ if (e) {
+ catbuf(buf, "%s", e);
+ } else {
+ catbuf(buf, "0x%X", err_bits);
+ }
 } else {
- catbuf(buf, "0x%X", err_bits);
+ /*
+ * we don't want to drop any bits if we don't know what to do with it
+ * so drop the layer byte since we we already have that.
+ */
+ const char *e = unknown_layer_handler(rc >> 8);
+ assert(e);
+ catbuf(buf, "%s", e);
 }

 return buf;
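Review bot: In the new `else` branch the comment says the layer byte is dropped, but `rc >> 8` discards the low eight bits of `rc` and keeps everything above them. If the error bits are the low 16, as `UINT16 err_bits = tpm2_error_get(rc)` in the other branch suggests, the printed value loses the low byte of the error and still carries the layer. Either the shift or the comment should change; if the shift is intended, the comment could read `/* unknown layer: print rc >> 8, i.e. all bits above the low byte */`, which also removes the "we we" typo. Separately, `assert(e)` is compiled out under NDEBUG, so it documents that `unknown_layer_handler` never returns NULL rather than guarding the `catbuf` call. Tss2_RC_Decode begins and ends outside this hunk.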