From: Jarkko Sakkinen <jarkko.sakkinen-VuQAYsv1563Yd54FQh9/CA@public.gmane.org>
To: Dan Carpenter <dan.carpenter-QHcLZuEGTsvQT0dZR+AlfA@public.gmane.org>
Cc: tpmdd-devel-5NWGOfrQmneRv+LV9MX5uipxlwaOVQ5f@public.gmane.org
Subject: Re: keys, trusted: seal with a TPM2 authorization policy
Date: Tue, 5 Jan 2016 13:48:47 +0200 [thread overview]
Message-ID: <20160105114847.GA3713@intel.com> (raw)
In-Reply-To: <20160105095826.GH23619@mwanda>
On Tue, Jan 05, 2016 at 12:58:26PM +0300, Dan Carpenter wrote:
> Hello Jarkko Sakkinen,
>
> The patch 5beb0c435bdd: "keys, trusted: seal with a TPM2
> authorization policy" from Oct 31, 2015, leads to the following
> static checker warning:
>
> drivers/char/tpm/tpm2-cmd.c:481 tpm2_seal_trusted()
> warn: this array is probably non-NULL. 'options->policydigest'
>
> drivers/char/tpm/tpm2-cmd.c
> 479
> 480 /* public */
> 481 if (options->policydigest)
> 482 tpm_buf_append_u16(&buf, 14 + options->digest_len);
> 483 else
> 484 tpm_buf_append_u16(&buf, 14);
>
> This line is dead code. We should remove the NULL test or perhaps a
> different test was intended?
It's a regression caused by me when I changed the patch not allocate
this buffer dynamically but used a static array. The right way to fix
this is to check the digest length.
Thank you for catching this! I'll implement and include a fix to my next
pull request.
> 485
> 486 tpm_buf_append_u16(&buf, TPM2_ALG_KEYEDHASH);
> 487 tpm_buf_append_u16(&buf, hash);
> 488
> 489 /* policy */
> 490 if (options->policydigest) {
>
> Same.
Yup, and similar fix applies here.
> 491 tpm_buf_append_u32(&buf, 0);
> 492 tpm_buf_append_u16(&buf, options->digest_len);
> 493 tpm_buf_append(&buf, options->policydigest,
> 494 options->digest_len);
> 495 } else {
> 496 tpm_buf_append_u32(&buf, TPM2_ATTR_USER_WITH_AUTH);
> 497 tpm_buf_append_u16(&buf, 0);
> 498 }
> 499
>
> regards,
> dan carpenter
/Jarkko
------------------------------------------------------------------------------
parent reply other threads:[~2016-01-05 11:48 UTC|newest]
Thread overview: expand[flat|nested] mbox.gz Atom feed
[parent not found: <20160105095826.GH23619@mwanda>]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20160105114847.GA3713@intel.com \
--to=jarkko.sakkinen-vuqaysv1563yd54fqh9/ca@public.gmane.org \
--cc=dan.carpenter-QHcLZuEGTsvQT0dZR+AlfA@public.gmane.org \
--cc=tpmdd-devel-5NWGOfrQmneRv+LV9MX5uipxlwaOVQ5f@public.gmane.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.