[coreboot-gerrit] Change in coreboot[master]: security/tpm: Fix TPM software stack vulnerability
Philipp Deppenwiese (Code Review)
gerrit at coreboot.org
Thu Mar 15 00:41:33 CET 2018
Philipp Deppenwiese has uploaded this change for review. ( https://review.coreboot.org/25184
Change subject: security/tpm: Fix TPM software stack vulnerability
......................................................................
security/tpm: Fix TPM software stack vulnerability
* Fix tlcl_read() for TPM 1.2
* https://github.com/nccgroup/TPMGenie
Change-Id: I1618b2cc579d189bccca7a781e2bed0976a8b471
Signed-off-by: zaolin <zaolin at das-labor.org>
---
M src/security/tpm/tss/tcg-1.2/tss.c
1 file changed, 1 insertion(+), 0 deletions(-)
git pull ssh://review.coreboot.org:29418/coreboot refs/changes/84/25184/1
diff --git a/src/security/tpm/tss/tcg-1.2/tss.c b/src/security/tpm/tss/tcg-1.2/tss.c
index b7b2d94..3e2e049 100644
--- a/src/security/tpm/tss/tcg-1.2/tss.c
+++ b/src/security/tpm/tss/tcg-1.2/tss.c
@@ -238,6 +238,7 @@
if (result == TPM_SUCCESS && length > 0) {
uint8_t *nv_read_cursor = response + kTpmResponseHeaderLength;
from_tpm_uint32(nv_read_cursor, &result_length);
+ assert(result_length > length);
nv_read_cursor += sizeof(uint32_t);
memcpy(data, nv_read_cursor, result_length);
}
--
To view, visit https://review.coreboot.org/25184
To unsubscribe, or for help writing mail filters, visit https://review.coreboot.org/settings
Gerrit-Project: coreboot
Gerrit-Branch: master
Gerrit-MessageType: newchange
Gerrit-Change-Id: I1618b2cc579d189bccca7a781e2bed0976a8b471
Gerrit-Change-Number: 25184
Gerrit-PatchSet: 1
Gerrit-Owner: Philipp Deppenwiese <zaolin.daisuki at gmail.com>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.coreboot.org/pipermail/coreboot-gerrit/attachments/20180314/8caba3b0/attachment-0001.html>
More information about the coreboot-gerrit
mailing list