Skip to content

tpm2_policy: Do not overflow list of policy digests #3485

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
AndreasFuchsTPM merged 1 commit into from
May 14, 2025
Merged

tpm2_policy: Do not overflow list of policy digests #3485

AndreasFuchsTPM merged 1 commit into from
May 14, 2025
+17 −0

Conversation

@Vogtinator
Copy link
Contributor

@Vogtinator Vogtinator commented May 12, 2025

Don't try to write more digests into TPML_DIGEST than fit.

Otherwise this segfaults due to stack corruption:

fvogt-thinkpad:/tmp # tpm2_startauthsession -S session.ctx
fvogt-thinkpad:/tmp # tpm2_policypcr -S session.ctx -L p -l sha256:0
f5a83a2aa307e14029b7c910c90aaba705581ed582968babf64d7b4896abf16b
fvogt-thinkpad:/tmp # tpm2_policyor -S session.ctx -L policy.or sha256:p,p,p,p,p,p,p,p
e7200418d2f5510e111a4f48e2146414fc0bbc51adb9bd82b90870ec02bd97b3
fvogt-thinkpad:/tmp # tpm2_policyor -S session.ctx -L policy.or sha256:p,p,p,p,p,p,p,p,p
WARNING:marshal:src/tss2-mu/tpml-types.c:164:Tss2_MU_TPML_DIGEST_Marshal() count too big
ERROR:esys:src/tss2-esys/api/Esys_PolicyOR.c:177:Esys_PolicyOR_Async() SAPI Prepare returned error. ErrorCode (0x0008000b)
ERROR:esys:src/tss2-esys/api/Esys_PolicyOR.c:77:Esys_PolicyOR() Error in async function ErrorCode (0x0008000b)
ERROR: Esys_PolicyAuthorize(0x8000B) - sys:A parameter has a bad value
ERROR: Could not build policyor TPM
Segmentation fault (core dumped)

@Vogtinator
tpm2_policy: Do not overflow list of policy digests
739ced5 
Don't try to write more digests into TPML_DIGEST than fit.

Signed-off-by: Fabian Vogt <fvogt@suse.de>
@AndreasFuchsTPM AndreasFuchsTPM merged commit 67119ad into tpm2-software:master May 14, 2025
23 checks passed
@Vogtinator Vogtinator deleted the noverflow branch May 14, 2025 14:22
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@AndreasFuchsTPM AndreasFuchsTPM AndreasFuchsTPM approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@Vogtinator @AndreasFuchsTPM