diff options
| author | Alexander Steffen <[email protected]> | 2017-09-08 17:21:32 +0200 |
|---|---|---|
| committer | Jarkko Sakkinen <[email protected]> | 2017-10-18 18:28:47 +0300 |
| commit | ee70bc1e7b63ac8023c9ff9475d8741e397316e7 (patch) | |
| tree | 93a16d26538c5525a32fe11279a812115bad2a1d /scripts/gcc-plugins/structleak_plugin.c | |
| parent | 125a2210541079e8e7c69e629ad06cabed788f8c (diff) | |
tpm-dev-common: Reject too short writes
tpm_transmit() does not offer an explicit interface to indicate the number
of valid bytes in the communication buffer. Instead, it relies on the
commandSize field in the TPM header that is encoded within the buffer.
Therefore, ensure that a) enough data has been written to the buffer, so
that the commandSize field is present and b) the commandSize field does not
announce more data than has been written to the buffer.
This should have been fixed with CVE-2011-1161 long ago, but apparently
a correct version of that patch never made it into the kernel.
Cc: [email protected]
Signed-off-by: Alexander Steffen <[email protected]>
Reviewed-by: Jarkko Sakkinen <[email protected]>
Tested-by: Jarkko Sakkinen <[email protected]>
Signed-off-by: Jarkko Sakkinen <[email protected]>
Diffstat (limited to 'scripts/gcc-plugins/structleak_plugin.c')
0 files changed, 0 insertions, 0 deletions