[coreboot-gerrit] New patch to review for coreboot: 3f5d3d9 vboot: Convert response_length from uint32_t to size_t in VbExTpmSendReceive

Marc Jones (marc.jones@se-eng.com) gerrit at coreboot.org
Mon Dec 22 21:54:36 CET 2014 

Marc Jones (marc.jones at se-eng.com) just uploaded a new patch set to gerrit, which you can find at http://review.coreboot.org/7894

-gerrit

commit 3f5d3d9742f23c31e1628496b32b5416bdaa65fe
Author: Daisuke Nojiri <dnojiri at chromium.org>
Date:   Fri May 2 10:36:43 2014 -0700

    vboot: Convert response_length from uint32_t to size_t in VbExTpmSendReceive
    
    Length arguments for VbExTpmSendReceive have type uint32_t but it calls function
    which expects size_t. This change converts uint32_t to size_t on call and
    size_t to uint32_t on return.
    
    BUG=None
    BRANCH=None
    TEST=Booted Nyan Big to Linux
    
    Original-Signed-off-by: Daisuke Nojiri <dnojiri at chromium.org>
    Original-Change-Id: I1971488baae2d060c0cddec7749461c91602a4f9
    Original-Reviewed-on: https://chromium-review.googlesource.com/198016
    (cherry picked from commit 6830747eb47568f2a2b494624522d37d8945c030)
    Signed-off-by: Marc Jones <marc.jones at se-eng.com>
    
    Change-Id: I20741759e7bbd60dd7044c532287d6b55047e19a
---
 src/vendorcode/google/chromeos/vboot_wrapper.c | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/src/vendorcode/google/chromeos/vboot_wrapper.c b/src/vendorcode/google/chromeos/vboot_wrapper.c
index 5611451..5aa0066 100644
--- a/src/vendorcode/google/chromeos/vboot_wrapper.c
+++ b/src/vendorcode/google/chromeos/vboot_wrapper.c
@@ -225,9 +225,13 @@ VbError_t VbExTpmOpen(void)
 VbError_t VbExTpmSendReceive(const uint8_t *request, uint32_t request_length,
                              uint8_t *response, uint32_t *response_length)
 {
-	if (gcontext->tis_sendrecv(request, request_length,
-	                           response, response_length))
+	size_t len = *response_length;
+	if (gcontext->tis_sendrecv(request, request_length, response, &len))
 		return VBERROR_UNKNOWN;
+	/* check 64->32bit overflow and (re)check response buffer overflow */
+	if (len > *response_length)
+		return VBERROR_UNKNOWN;
+	*response_length = len;
 	return VBERROR_SUCCESS;
 }

More information about the coreboot-gerrit mailing list