Patrick Georgi has submitted this change. ( https://review.coreboot.org/c/coreboot/+/41280 )
Change subject: security/tpm/tspi: Fix handling of white space delimited list
security/tpm/tspi: Fix handling of white space delimited list
The current implementation uses strcmp() without splitting the list and therefore returns false even when the string pointed to by 'name' is a part of 'whitelist'. The patch fixes this problem. Also, update help text of CONFIG_TPM_MEASURED_BOOT_RUNTIME_DATA to space delimited list to align it with the other lists we use.
Change-Id: Ifd285162ea6e562a5bb18325a1b767ac2e4276f3
Signed-off-by: Harshit Sharma <harshitsharmajs@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/41280
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Nico Huber <nico.h@gmx.de>
Reviewed-by: Werner Zeh <werner.zeh@siemens.com>
---
M src/security/tpm/Kconfig
M src/security/tpm/tspi/crtm.c
2 files changed, 6 insertions(+), 5 deletions(-)

Approvals:
  build bot (Jenkins): Verified
  Nico Huber: Looks good to me, but someone else must approve
  Werner Zeh: Looks good to me, approved
diff --git a/src/security/tpm/Kconfig b/src/security/tpm/Kconfig index 6741614..b6a7781 100644 --- a/src/security/tpm/Kconfig +++ b/src/security/tpm/Kconfig @@ -112,6 +112,6 @@ depends on TPM_MEASURED_BOOT help Runtime data whitelist of cbfs filenames. Needs to be a - comma separated list + space delimited list
endmenu # Trusted Platform Module (tpm) diff --git a/src/security/tpm/tspi/crtm.c b/src/security/tpm/tspi/crtm.c index 8bcc01b..49daeb0 100644 --- a/src/security/tpm/tspi/crtm.c +++ b/src/security/tpm/tspi/crtm.c @@ -88,17 +88,18 @@ const char *whitelist = CONFIG_TPM_MEASURED_BOOT_RUNTIME_DATA; size_t whitelist_len = sizeof(CONFIG_TPM_MEASURED_BOOT_RUNTIME_DATA) - 1; size_t name_len = strlen(name); - int i; + const char *end;
if (!whitelist_len || !name_len) return false;
- for (i = 0; (i + name_len) <= whitelist_len; i++) { - if (!strcmp(whitelist + i, name)) + while ((end = strchr(whitelist, ' '))) { + if (end - whitelist == name_len && !strncmp(whitelist, name, name_len)) return true; + whitelist = end + 1; }
- return false; + return !strcmp(whitelist, name); }
uint32_t tspi_measure_cbfs_hook(struct cbfsf *fh, const char *name)
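Review bot: In src/security/tpm/Kconfig, the new help text says "space delimited list" but gives no example and does not say that the documented delimiter changed. The matching code in crtm.c splits only on ' ', so a value still written as "a comma separated list" would be treated as one token and would not match the individual CBFS filenames. Consider adding a short example of a two-entry value to the help text and a sentence stating that commas are not accepted.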
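Review bot: In the src/security/tpm/tspi/crtm.c hunk, the loop tokenizes only on a literal space via strchr(whitelist, ' '), while the change subject says "white space delimited"; a tab in CONFIG_TPM_MEASURED_BOOT_RUNTIME_DATA would stay inside a token and that entry would silently never match. Either word the subject and help text as "single space" or treat any whitespace character as a separator. Separately, "end - whitelist == name_len" compares a signed pointer difference with a size_t; the difference cannot be negative here, but writing (size_t)(end - whitelist) avoids a sign-compare warning and states the intent. A brief comment above the loop saying that entries must match a whole token exactly would also help the next reader, since this check decides which files are handled as runtime data.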