On Sat, Jan 15, 2022 at 11:40:48PM +0200, Jarkko Sakkinen wrote:
> >
> > - Avoid integer overflows when validating size fields; 'sz + 12' and
> >   '4 + sz' overflowed if 'sz' is near U32_MAX.
>
> So we have a struct tpm_header in include/linux/tpm.h. It would be way
> more informative to use sizeof(struct tpm_header) than number 12, even
> if the patch does not otherwise use the struct. It tells what it is, 12
> does not.

I don't think that would be an improvement, given that the code is using
hard-coded offsets. If it's reading 4 bytes from cur + 8, it's much easier to
understand that it needs 12 bytes than 'sizeof(struct tpm_header)' bytes.

I'd certainly encourage whoever is maintaining this code to change it to use
structs instead, but that's not what this patch is meant to do.

- Eric
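
The overflow named in the quoted changelog entry ('sz + 12' wrapping when 'sz' is near U32_MAX), shown as an added example that is not code from this thread or from the kernel. The 12-byte layout with a big-endian length at offset 8, the function names and the sample buffer are all constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed layout (assumption): 12 header bytes, with a 32-bit big-endian
 * payload length stored at offset 8, i.e. "4 bytes from cur + 8". */
#define HDR_LEN 12u

static uint32_t get_be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Wrapping form: 'sz + 12' is evaluated in 32 bits, so a length near
 * U32_MAX wraps to a small number and passes the comparison. */
int fits_wrapping(const uint8_t *cur, uint32_t avail)
{
    if (avail < HDR_LEN)
        return 0;
    return get_be32(cur + 8) + HDR_LEN <= avail;
}

/* Overflow-safe form: subtract on the side that was already bounded.
 * 'avail - 12' cannot wrap because avail >= 12 was checked first. */
int fits_safe(const uint8_t *cur, uint32_t avail)
{
    if (avail < HDR_LEN)
        return 0;
    return get_be32(cur + 8) <= avail - HDR_LEN;
}

int main(void)
{
    /* Constructed 16-byte input whose length field is 0xFFFFFFF8. */
    uint8_t buf[16] = { 0, 0, 0, 0, 0, 0, 0, 0, 0xFF, 0xFF, 0xFF, 0xF8 };

    printf("wrapping check accepts: %d\n", fits_wrapping(buf, sizeof(buf)));
    printf("safe check accepts:     %d\n", fits_safe(buf, sizeof(buf)));
    return 0;
}
```

With the constructed input, 0xFFFFFFF8 + 12 wraps to 4, so the first check accepts a 16-byte buffer that the second one rejects.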