From: "Jarkko Sakkinen" <jarkko@kernel.org>
To: "Hao Ge" <hao.ge@linux.dev>, <peterhuewe@gmx.de>, <jgg@ziepe.ca>
Cc: <linux-integrity@vger.kernel.org>, <linux-kernel@vger.kernel.org>,
	"Hao Ge" <gehao@kylinos.cn>
Subject: Re: [PATCH] tpm: Move dereference after NULL check in tpm_buf_check_hmac_response
Date: Tue, 16 Jul 2024 13:33:17 +0300
Message-ID: <D2QW8VSPX777.34R28W8GVXKMS@kernel.org>
In-Reply-To: <20240709023337.102509-1-hao.ge@linux.dev>

On Tue Jul 9, 2024 at 5:33 AM EEST, Hao Ge wrote:
> From: Hao Ge <gehao@kylinos.cn>
>
> We shouldn't dereference "auth" until after we have checked that it is
> non-NULL.
>
> Fixes: 7ca110f2679b ("tpm: Address !chip->auth in tpm_buf_append_hmac_session*()")
> Signed-off-by: Hao Ge <gehao@kylinos.cn>
> ---
>  drivers/char/tpm/tpm2-sessions.c | 5 +++--
>  1 file changed, 3 insertions(+), 2 deletions(-)
>
> diff --git a/drivers/char/tpm/tpm2-sessions.c b/drivers/char/tpm/tpm2-sessions.c
> index 2281d55df545..d3521aadd43e 100644
> --- a/drivers/char/tpm/tpm2-sessions.c
> +++ b/drivers/char/tpm/tpm2-sessions.c
> @@ -746,15 +746,16 @@ int tpm_buf_check_hmac_response(struct tpm_chip *chip, struct tpm_buf *buf,
>  	struct tpm2_auth *auth = chip->auth;
>  	off_t offset_s, offset_p;
>  	u8 rphash[SHA256_DIGEST_SIZE];
> -	u32 attrs;
> +	u32 attrs, cc;
>  	struct sha256_state sctx;
>  	u16 tag = be16_to_cpu(head->tag);
> -	u32 cc = be32_to_cpu(auth->ordinal);
>  	int parm_len, len, i, handles;
>  
>  	if (!auth)
>  		return rc;
>  
> +	cc = be32_to_cpu(auth->ordinal);
> +
>  	if (auth->session >= TPM_HEADER_SIZE) {
>  		WARN(1, "tpm session not filled correctly\n");
>  		goto out;
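
Review bot: at the `if (!auth)` early return, the value of `rc` is not visible in this hunk, and with this change that return becomes the path actually taken when `chip->auth` is NULL instead of faulting on `auth->ordinal` in the declaration block. The commit message should say what the function returns in that case and that the old initializer `u32 cc = be32_to_cpu(auth->ordinal);` ran before the check, so a reader of the log can tell whether a missing session is treated as success or as an error. Moving the assignment to `cc = be32_to_cpu(auth->ordinal);` directly below the check is the right placement, since the next line already relies on `auth` being valid for `auth->session`.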

Please check:

https://git.kernel.org/pub/scm/linux/kernel/git/jarkko/linux-tpmdd.git/commit/?id=72d6e06ed101e31e943937e42053fc690dc75cfe

It is exactly this except commit message is tuned. And please denote
that I'm on holiday ;-)

If that works for you, I can put it to my -rc PR.

Thank you.

BR, Jarkko
