Re: [Regression] "tpm: Require that all digests are present in TCG_PCR_EVENT2 structures" causes null pointer dereference

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Mon, Sep 28, 2020 at 06:15:00PM +0200, Ard Biesheuvel wrote:
> > > > It is possible but initially feels a bit weird:
> > > >
> > > > -                  sizeof(TCG_SPECID_SIG)) || count > efispecid->num_algs) {
> > > > +                  sizeof(TCG_SPECID_SIG)) ||
> > > > +           !efispecid->num_algs || count != efispecid->num_algs) {

^^^

> In tpm2_bios_measurements_start(), we dereference tpm_bios_log to
> access bios_event_log and bios_event_log_end without checking tpm_bios
> for NULL. This is where the crash seems to occur.

That's a good guess. Just a bit confused how that particular patch can
have the effect: it has two deferences to efispecid instead of one in
the same statement. Would be interesting to hear if the bug is triggered
in Kenneth's environment by the exact same commit.

/Jarkko



[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Linux Kernel]     [Linux Kernel Hardening]     [Linux NFS]     [Linux NILFS]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite News]     [Linux SCSI]

  Powered by Linux