RE: [PATCH RESEND 1/2] tpm-dev-common: Reject too short writes

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



> > diff --git a/drivers/char/tpm/tpm-dev-common.c
> > b/drivers/char/tpm/tpm-dev-common.c
> > index 610638a..c39b581 100644
> > --- a/drivers/char/tpm/tpm-dev-common.c
> > +++ b/drivers/char/tpm/tpm-dev-common.c
> > @@ -119,7 +119,7 @@ ssize_t tpm_common_write(struct file *file, const
> char __user *buf,
> >  		return -EPIPE;
> >  	}
> >  	out_size = tpm_transmit(priv->chip, space, priv->data_buffer,
> > -				sizeof(priv->data_buffer), 0);
> > +				sizeof(priv->data_buffer), in_size, 0);
> 
> Why you couldn't just
> 
> unsigned int bufsiz;
> 
> /* ... */
> 
> bufsiz = sizeof(priv->data_buffer);
> if (in_size < bufsiz)
> 	bufsiz = in_size;
> 
> out_size = tpm_transmit(priv->chip, space, priv->data_buffer, bufsiz, 0);

Because the code needs to know both how large the buffer is (in order to avoid buffer overflows when writing to it) and how much of the data in the buffer is valid (in order not to send random junk to the TPM). This is made more explicit in PATCH 2/2.

Your example fails as soon as the response is longer than the command.

Alexander




[Index of Archives]     [Linux Kernel]     [Kernel Development Newbies]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite Hiking]     [Linux Kernel]     [Linux SCSI]