Received: by 2002:ad5:474a:0:0:0:0:0 with SMTP id i10csp8905251imu; Tue, 4 Dec 2018 16:47:34 -0800 (PST) X-Google-Smtp-Source: AFSGD/Vz1rICk8Q2xyEITN5Oukck9BABEoikVgjpoOSjR9I8d6dxhRNQAm5GB9X5HS4tPU3Xml+7 X-Received: by 2002:a17:902:6b0c:: with SMTP id o12mr22449396plk.291.1543970854463; Tue, 04 Dec 2018 16:47:34 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1543970854; cv=none; d=google.com; s=arc-20160816; b=QArQi2m1JmR6g/U3FuQLkmeLmYy/tobQ8pNPnDlg+YEvafLudiSneiDVfcwQpP67A1 Vft0G68gz9HmFiHyK9U7kxzncPcduXDHY5XL4WHeZPBYEWzsO7+1nQ1Xcv5ysroCVFrK DzYm6kVhvxdVA91OUZGjqpp2FwYLKNF49jsBKTdF0UKZR/JEMwU9mZkM0DxZoLBRg34i 1zB6zdiP1vjzs/EHP7JcSKywERPJyOhlX0j1wSwfjvS0c2vc2aQFwnbSxOdXcAyeHmSK C3YthrYAiYdjeSsNM5g8XmwFnz75fS3mkEx+/y1DfG74/8LGYQJcewtJrVPKvW0xk0gK 8SQw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:organization:in-reply-to :content-disposition:mime-version:references:message-id:subject:cc :to:from:date; bh=8J35LUqoGyFEiQgiacRRy0SzVyfaGm0tz5Se5+rBb5s=; b=IgnvqR0nwr8HvWpyZsC9mwjYVVJWlAnJ8qjy3A0BrKrozXq3yoRTVmVmzdNHdqf2K5 NoBEJXmJKGiIOpR5+oeLh6qpydXyj46PGNMpzchiAKgqWn1URXxifJEcPV8us1xUtf6n wnNdl13Hw2WHJK+nRTh/5RfeP509o1j0ho/7NFjjKGzljEHM2hEYjD51oKG9ZCwShBCZ G/4T0G6ZaZnLIaTvSXM2VGp56D+/6JlBS45YRfkZUuxv3BbwfvM0PNSMfVIhutPhb/r3 /8+TwPEJufucj8rwubfufjjC/YHeMUrGQwk/6ZpyZmsXDX5slNKhQum5kvC5VxL8o/Bi Hi8Q== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id i39si18865562plb.256.2018.12.04.16.47.19; Tue, 04 Dec 2018 16:47:34 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726538AbeLEAqs (ORCPT + 99 others); Tue, 4 Dec 2018 19:46:48 -0500 Received: from mga09.intel.com ([134.134.136.24]:24524 "EHLO mga09.intel.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1725979AbeLEAqr (ORCPT ); Tue, 4 Dec 2018 19:46:47 -0500 X-Amp-Result: UNSCANNABLE X-Amp-File-Uploaded: False Received: from fmsmga006.fm.intel.com ([10.253.24.20]) by orsmga102.jf.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 04 Dec 2018 16:46:46 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.56,316,1539673200"; d="scan'208";a="299366323" Received: from jsakkine-mobl1.jf.intel.com (HELO localhost) ([10.24.8.183]) by fmsmga006.fm.intel.com with ESMTP; 04 Dec 2018 16:46:44 -0800 Date: Tue, 4 Dec 2018 16:46:43 -0800 From: Jarkko Sakkinen To: Roberto Sassu Cc: zohar@linux.ibm.com, david.safford@ge.com, monty.wiseman@ge.com, linux-integrity@vger.kernel.org, linux-security-module@vger.kernel.org, linux-kernel@vger.kernel.org, silviu.vlasceanu@huawei.com Subject: Re: [PATCH v6 6/7] tpm: ensure that the output of PCR read contains the correct digest size Message-ID: <20181205004643.GA26578@linux.intel.com> References: <20181204082138.24600-1-roberto.sassu@huawei.com> <20181204082138.24600-7-roberto.sassu@huawei.com> <20181205000910.GE1233@linux.intel.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20181205000910.GE1233@linux.intel.com> Organization: Intel Finland Oy - BIC 0357606-4 - Westendinkatu 7, 02160 Espoo User-Agent: Mutt/1.10.1 (2018-07-13) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Tue, Dec 04, 2018 at 04:09:10PM -0800, Jarkko Sakkinen wrote: > On Tue, Dec 04, 2018 at 09:21:37AM +0100, Roberto Sassu wrote: > > out = (struct tpm2_pcr_read_out *)&buf.data[TPM_HEADER_SIZE]; > > digest_size = be16_to_cpu(out->digest_size); > > - if (digest_size > sizeof(digest->digest)) { > > + if (digest_size > sizeof(digest->digest) || > > + (!digest_size_ptr && digest_size != expected_digest_size)) { > > rc = -EINVAL; > > goto out; > > } > > Just noticed this but you must squash 4-6 because applying only > previous commits will result a broken tree. It will be much bigger > commit but won't be broken. > > I think you should also feed min_rsp_body_length as you should be > able to precalculate. > > Last time I was asking why this isn't a bug fix. It is even for > the existing code. The existing code should have a bug fix that > checks that the received digest size so that it is the expected > SHA1 size before we can apply this commit. My bad. This is not the same deal as the code because in the old code we always copy a constant block. Here we use the variable as parameter for memcpy() so it is better to check the size. You can ignore the last paragraph completely. Sorry, had to double check this one. There is no need to do any type of bug fix for the current tree. Still 4-6 need to be squashed in order to not put purposely the tree into broken state. /Jarko