[PATCH 11/14] tpm2: check the command parameters of TPM2 commands
From: Gary Lin
Subject: [PATCH 11/14] tpm2: check the command parameters of TPM2 commands
Date: Wed, 22 Feb 2023 15:00:51 +0800

Some command parameters should not be NULL. Add the conditional check to
avoid the potential NULL pointer reference.
Besides, for TPM2_StartAuthSession, when 'tpmKey' is 'TPM_RH_NULL', the
size of 'encryptedSalt' must be 0 per "TCG TPM2 Part3 Commands".
Signed-off-by: Gary Lin <glin@suse.com>
---
grub-core/tpm2/tpm2.c | 21 ++++++++++++++++++++-
1 file changed, 20 insertions(+), 1 deletion(-)
diff --git a/grub-core/tpm2/tpm2.c b/grub-core/tpm2/tpm2.c
index bc1d797d4..ad9d52cd4 100644
--- a/grub-core/tpm2/tpm2.c
+++ b/grub-core/tpm2/tpm2.c
@@ -127,6 +127,9 @@ TPM2_CreatePrimary (const TPMI_RH_HIERARCHY primaryHandle,
TPM_RC responseCode;
grub_uint32_t parameterSize;
+ if (!inSensitive || !inPublic || !outsideInfo || !creationPCR)
+ return TPM_RC_VALUE;
+
if (!objectHandle)
objectHandle = &objectHandleTmp;
if (!outPublic)
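
Review bot: The new guard at the top of TPM2_CreatePrimary rejects a NULL outsideInfo or creationPCR, while the lines right after it give optional outputs such as objectHandle and outPublic a local temporary instead of failing. If callers can legitimately have no outside info or PCR selection to pass, substituting an empty local structure would match that pattern; otherwise the function comment should state that all four inputs are mandatory and that TPM_RC_VALUE is produced here by this function rather than by the TPM.
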
@@ -210,6 +213,13 @@ TPM2_StartAuthSession (const TPMI_DH_OBJECT tpmKey,
TPM_RC responseCode;
grub_uint32_t param_size;
+ if (!nonceCaller || !symmetric)
+ return TPM_RC_VALUE;
+
+ if (tpmKey == TPM_RH_NULL &&
+ (encryptedSalt && encryptedSalt->size != 0))
+ return TPM_RC_VALUE;
+
if (!sessionHandle)
sessionHandle = &sessionHandleTmp;
if (!nonceTpm)
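
Review bot: In TPM2_StartAuthSession the condition `(encryptedSalt && encryptedSalt->size != 0)` treats a NULL encryptedSalt as acceptable, but only the `tpmKey == TPM_RH_NULL` case is validated. When tpmKey is a real handle and encryptedSalt is NULL, nothing in this hunk stops the pointer from being used further down, so either add a check such as `if (tpmKey != TPM_RH_NULL && !encryptedSalt) return TPM_RC_VALUE;` or confirm that the code after these lines handles a NULL encryptedSalt.
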
@@ -272,6 +282,9 @@ TPM2_PolicyPCR (const TPMI_SH_POLICY policySessions,
TPM_RC responseCode;
grub_uint32_t param_size;
+ if (!pcrs)
+ return TPM_RC_VALUE;
+
if (!authResponse)
authResponse = &authResponseTmp;
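
Review bot: The `if (!pcrs) return TPM_RC_VALUE;` guard in TPM2_PolicyPCR reuses a TPM response code for an error detected on the caller side, so a caller that logs the result cannot tell a rejected NULL argument from a value error reported by the TPM. A short comment on the guard, or a debug message before the return, would make a failing policy setup easier to diagnose.
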
@@ -363,6 +376,9 @@ TPM2_Load (const TPMI_DH_OBJECT parent_handle,
TPM_RC responseCode;
grub_uint32_t param_size;
+ if (!inPrivate || !inPublic)
+ return TPM_RC_VALUE;
+
if (!objectHandle)
objectHandle = &objectHandleTmp;
if (!name)
@@ -506,7 +522,7 @@ TPM2_PCR_Read (const TPMS_AUTH_COMMAND *authCommand,
grub_uint32_t parameterSize;
if (!pcrSelectionIn)
- return TPM_RC_FAILURE;
+ return TPM_RC_VALUE;
if (!pcrUpdateCounter)
pcrUpdateCounter = &pcrUpdateCounterTmp;
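
Review bot: The switch from TPM_RC_FAILURE to TPM_RC_VALUE for a NULL pcrSelectionIn in TPM2_PCR_Read changes an existing return value, which the commit message does not mention; it only describes adding checks. Please add a line to the commit message saying the code is changed for consistency with the new guards, and verify that no caller compares the result against TPM_RC_FAILURE.
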
@@ -625,6 +641,9 @@ TPM2_Create (const TPMI_DH_OBJECT parentHandle,
TPM_RC rc;
grub_uint32_t parameterSize;
+ if (!inSensitive || !inPublic || !outsideInfo || !creationPCR)
+ return TPM_RC_VALUE;
+
if (!outPrivate)
outPrivate = &outPrivateTmp;
if (!outPublic)
--
2.35.3