From: Hao Ge <gehao@xxxxxxxxxx>
We shouldn't dereference "auth" until after we have checked that it is
non-NULL.
Fixes: 7ca110f2679b ("tpm: Address !chip->auth in tpm_buf_append_hmac_session*()")
Signed-off-by: Hao Ge <gehao@xxxxxxxxxx>
---
drivers/char/tpm/tpm2-sessions.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/drivers/char/tpm/tpm2-sessions.c b/drivers/char/tpm/tpm2-sessions.c
index 2281d55df545..d3521aadd43e 100644
--- a/drivers/char/tpm/tpm2-sessions.c
+++ b/drivers/char/tpm/tpm2-sessions.c
@@ -746,15 +746,16 @@ int tpm_buf_check_hmac_response(struct tpm_chip *chip, struct tpm_buf *buf,
struct tpm2_auth *auth = chip->auth;
off_t offset_s, offset_p;
u8 rphash[SHA256_DIGEST_SIZE];
- u32 attrs;
+ u32 attrs, cc;
struct sha256_state sctx;
u16 tag = be16_to_cpu(head->tag);
- u32 cc = be32_to_cpu(auth->ordinal);
int parm_len, len, i, handles;
if (!auth)
return rc;
+ cc = be32_to_cpu(auth->ordinal);
+
if (auth->session >= TPM_HEADER_SIZE) {
WARN(1, "tpm session not filled correctly\n");
goto out;
--
2.25.1
