You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
91 lines
2.8 KiB
91 lines
2.8 KiB
From bcbc2f0400cfc2f596283e8c528aed4576bfea69 Mon Sep 17 00:00:00 2001 |
|
From: Ken Goldman <kgold@linux.ibm.com> |
|
Date: Fri, 3 Sep 2021 14:58:20 -0400 |
|
Subject: [PATCH 5/7] utils: Fix errors detected by gcc asan |
|
|
|
In Uint32_Convert(), case the byte to uint32_t before the left shift |
|
24 to suppress a warning. |
|
|
|
In TSS_EFI_GetNameIndex(), do not compare data if the length does not |
|
match, because this could cause a buffer overflow. Test should be &&, |
|
not &. |
|
|
|
TSS_Delete should only memset sessionData if the pointer is not NULL. |
|
|
|
Signed-off-by: Ken Goldman <kgold@linux.ibm.com> |
|
--- |
|
utils/efilib.c | 11 +++++++---- |
|
utils/eventlib.c | 10 +++++----- |
|
utils/tss.c | 6 ++++-- |
|
3 files changed, 16 insertions(+), 11 deletions(-) |
|
|
|
diff --git a/utils/efilib.c b/utils/efilib.c |
|
index 201a1f5..ab8177b 100644 |
|
--- a/utils/efilib.c |
|
+++ b/utils/efilib.c |
|
@@ -399,16 +399,19 @@ static void TSS_EFI_GetNameIndex(size_t *index, |
|
const uint8_t *name, |
|
uint64_t nameLength) /* half the total bytes in array */ |
|
{ |
|
- int m1,m2; |
|
+ int m1 = 0; |
|
+ int m2 = 0; |
|
for (*index = 0 ; |
|
*index < sizeof(tagTable) / sizeof(TAG_TABLE) ; |
|
(*index)++) { |
|
|
|
/* length match */ |
|
m1 = (nameLength * 2) == tagTable[*index].nameLength; |
|
- /* string match */ |
|
- m2 = memcmp(name, tagTable[*index].name, (size_t)(nameLength * 2)) == 0; |
|
- if (m1 & m2) { |
|
+ if (m1) { |
|
+ /* string match */ |
|
+ m2 = memcmp(name, tagTable[*index].name, (size_t)(nameLength * 2)) == 0; |
|
+ } |
|
+ if (m1 && m2) { |
|
return; |
|
} |
|
} |
|
diff --git a/utils/eventlib.c b/utils/eventlib.c |
|
index 0c2801c..c56a22f 100644 |
|
--- a/utils/eventlib.c |
|
+++ b/utils/eventlib.c |
|
@@ -1346,12 +1346,12 @@ static uint32_t Uint32_Convert(uint32_t in) |
|
{ |
|
uint32_t out = 0; |
|
unsigned char *inb = (unsigned char *)∈ |
|
- |
|
+ |
|
/* little endian input */ |
|
- out = (inb[0] << 0) | |
|
- (inb[1] << 8) | |
|
- (inb[2] << 16) | |
|
- (inb[3] << 24); |
|
+ out = ((((uint32_t)inb[0]) << 0) | |
|
+ (((uint32_t)inb[1]) << 8) | |
|
+ (((uint32_t)inb[2]) << 16) | |
|
+ (((uint32_t)inb[3]) << 24)); |
|
return out; |
|
} |
|
#endif /* TPM_TSS_NOFILE */ |
|
diff --git a/utils/tss.c b/utils/tss.c |
|
index 574c448..6f0eede 100644 |
|
--- a/utils/tss.c |
|
+++ b/utils/tss.c |
|
@@ -179,8 +179,10 @@ TPM_RC TSS_Delete(TSS_CONTEXT *tssContext) |
|
for (i = 0 ; i < (sizeof(tssContext->sessions) / sizeof(TSS_SESSIONS)) ; i++) { |
|
tssContext->sessions[i].sessionHandle = TPM_RH_NULL; |
|
/* erase any secrets */ |
|
- memset(tssContext->sessions[i].sessionData, |
|
- 0, tssContext->sessions[i].sessionDataLength); |
|
+ if (tssContext->sessions[i].sessionData != NULL) { |
|
+ memset(tssContext->sessions[i].sessionData, |
|
+ 0, tssContext->sessions[i].sessionDataLength); |
|
+ } |
|
free(tssContext->sessions[i].sessionData); |
|
tssContext->sessions[i].sessionData = NULL; |
|
tssContext->sessions[i].sessionDataLength = 0; |
|
-- |
|
2.34.1 |
|
|
|
|