On Thu, Nov 7, 2019 at 1:51 AM Stefan Berger stefanb@linux.vnet.ibm.com wrote:
Defend against a broken TPM 1.2 or TPM 2.0 that doesn't send at least a full response header in the response but less than 10 bytes.
Signed-off-by: Stefan Berger stefanb@linux.ibm.com
Reviewed-by: Marc-André Lureau marcandre.lureau@redhat.com
src/hw/tpm_drivers.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/hw/tpm_drivers.c b/src/hw/tpm_drivers.c index e4770b3..2b5753c 100644 --- a/src/hw/tpm_drivers.c +++ b/src/hw/tpm_drivers.c @@ -620,7 +620,8 @@ tpmhw_transmit(u8 locty, struct tpm_req_header *req, return -1;
irc = td->readresp(respbuffer, respbufferlen);
- if (irc != 0)
if (irc != 0 ||
*respbufferlen < sizeof(struct tpm_rsp_header)) return -1;
td->ready();
-- 2.20.1 _______________________________________________ SeaBIOS mailing list -- seabios@seabios.org To unsubscribe send an email to seabios-leave@seabios.org