From: Jarkko Sakkinen
Subject: Re: [PATCH] tpm: fix use after free in tpm2_load_context
Date: Mon, 14 May 2018 13:54:22 +0300
Message-ID: <20180514105422.GF8228@linux.intel.com>
References: <152589213590.23382.13567986597921947843.stgit@tstruk-mobl1.jf.intel.com>
In-Reply-To: <152589213590.23382.13567986597921947843.stgit-mEAvsCHCuLnxhXoCA9A9g62pdiUAq4bhAL8bYrjMMd8@public.gmane.org>
To: Tadeusz Struk
Cc: jgg-uk2M96/98Pc@public.gmane.org, linux-integrity-u79uwXL29TY76Z2rM5mHXA@public.gmane.org, tpmdd-devel-5NWGOfrQmneRv+LV9MX5uipxlwaOVQ5f@public.gmane.org
List-Id: tpmdd-devel@lists.sourceforge.net

On Wed, May 09, 2018 at 11:55:35AM -0700, Tadeusz Struk wrote:
> If load context command returns with TPM2_RC_HANDLE or
> TPM2_RC_REFERENCE_H0 then we have use after free in
> line 114 and double free in 117.
>
> Fixes: 4d57856a21ed2 ("tpm2: add session handle context saving and restoring to the space code")
>
> Signed-off-by: Tadeusz Struk

Thank you, appreciate this!

Reviewed-by: Jarkko Sakkinen

/Jarkko