diff options
| author | Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com> | 2016-01-06 09:43:30 -0500 |
|---|---|---|
| committer | Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com> | 2016-02-09 21:10:55 -0500 |
| commit | f3c82ade7c59303167d56b0be3e0707751fc45e2 (patch) | |
| tree | 2e6cf81c35cc600e38fd643a0aa51f7f8a60fa6e /drivers/char | |
| parent | e5be990c2fc3c2682ab7cfbc4f0e6c8cdad2b40d (diff) | |
tpm: fix checks for policy digest existence in tpm2_seal_trusted()
In my original patch sealing with policy was done with dynamically
allocated buffer that I changed later into an array so the checks in
tpm2-cmd.c became invalid. This patch fixes the issue.
Fixes: 5beb0c435bdd ("keys, trusted: seal with a TPM2 authorization policy")
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Acked-by: Peter Huewe <peterhuewe@gmx.de>
Diffstat (limited to 'drivers/char')
| -rw-r--r-- | drivers/char/tpm/tpm2-cmd.c | 12 |
1 files changed, 4 insertions, 8 deletions
diff --git a/drivers/char/tpm/tpm2-cmd.c b/drivers/char/tpm/tpm2-cmd.c index 45a634016f95..66e04b41a73d 100644 --- a/drivers/char/tpm/tpm2-cmd.c +++ b/drivers/char/tpm/tpm2-cmd.c | |||
| @@ -478,20 +478,16 @@ int tpm2_seal_trusted(struct tpm_chip *chip, | |||
| 478 | tpm_buf_append_u8(&buf, payload->migratable); | 478 | tpm_buf_append_u8(&buf, payload->migratable); |
| 479 | 479 | ||
| 480 | /* public */ | 480 | /* public */ |
| 481 | if (options->policydigest) | 481 | tpm_buf_append_u16(&buf, 14 + options->policydigest_len); |
| 482 | tpm_buf_append_u16(&buf, 14 + options->digest_len); | ||
| 483 | else | ||
| 484 | tpm_buf_append_u16(&buf, 14); | ||
| 485 | |||
| 486 | tpm_buf_append_u16(&buf, TPM2_ALG_KEYEDHASH); | 482 | tpm_buf_append_u16(&buf, TPM2_ALG_KEYEDHASH); |
| 487 | tpm_buf_append_u16(&buf, hash); | 483 | tpm_buf_append_u16(&buf, hash); |
| 488 | 484 | ||
| 489 | /* policy */ | 485 | /* policy */ |
| 490 | if (options->policydigest) { | 486 | if (options->policydigest_len) { |
| 491 | tpm_buf_append_u32(&buf, 0); | 487 | tpm_buf_append_u32(&buf, 0); |
| 492 | tpm_buf_append_u16(&buf, options->digest_len); | 488 | tpm_buf_append_u16(&buf, options->policydigest_len); |
| 493 | tpm_buf_append(&buf, options->policydigest, | 489 | tpm_buf_append(&buf, options->policydigest, |
| 494 | options->digest_len); | 490 | options->policydigest_len); |
| 495 | } else { | 491 | } else { |
| 496 | tpm_buf_append_u32(&buf, TPM2_ATTR_USER_WITH_AUTH); | 492 | tpm_buf_append_u32(&buf, TPM2_ATTR_USER_WITH_AUTH); |
| 497 | tpm_buf_append_u16(&buf, 0); | 493 | tpm_buf_append_u16(&buf, 0); |