From nobody Fri Apr 26 18:07:40 2024 Delivered-To: importer@patchew.org Received-SPF: none (zoho.com: 78.46.105.101 is neither permitted nor denied by domain of seabios.org) client-ip=78.46.105.101; envelope-from=seabios-bounces@seabios.org; helo=coreboot.org; Authentication-Results: mx.zohomail.com; spf=none (zoho.com: 78.46.105.101 is neither permitted nor denied by domain of seabios.org) smtp.mailfrom=seabios-bounces@seabios.org ARC-Seal: i=1; a=rsa-sha256; t=1573077087; cv=none; d=zoho.com; s=zohoarc; b=Dv6QaucOj64qth+GSnswNTOtMmjptSMAGR38WnQUaqrSIbcDEZh2A22ZyLNvZzYrE6YDySD+KpkGbIup+eeaFGjFX1KsmahNmPtxVqz9itUzDUk4LpuZP4iI936Z8o05un3zqbloDOtiIF4Hyh1tCfw8SRkUJpVIQJwfaO6RSmk= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zoho.com; s=zohoarc; t=1573077087; h=Content-Type:Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Subject:To; bh=5JDs0Va3kyyZjmCGjHWD1sPeDuiifWeKRPsaskmNiH8=; b=A5Nx6D8fUyucXuasNSpN49GuTcmArQFHfq6TxEwXqtFcSLxOwZT+dq2qcDsL3yij6ZxkzSQg32U3Gi1anIWBZJs1hRhKIlqyHvbCtfV1HgcYAjxuJ1X5iK6l0z2Dn1P3wbLprzoiWsDIwY28wLLY3O0yh/XZswi+0PaJ1FQ81xc= ARC-Authentication-Results: i=1; mx.zoho.com; spf=none (zoho.com: 78.46.105.101 is neither permitted nor denied by domain of seabios.org) smtp.mailfrom=seabios-bounces@seabios.org Return-Path: Received: from coreboot.org (coreboot.org [78.46.105.101]) by mx.zohomail.com with SMTPS id 1573077087183715.999031190144; Wed, 6 Nov 2019 13:51:27 -0800 (PST) Received: from authenticated-user (PRIMARY_HOSTNAME [PUBLIC_IP]) by coreboot.org (Postfix) with ESMTPA id 50CCE12A0EFF; Wed, 6 Nov 2019 21:51:23 +0000 (UTC) Received: from authenticated-user (PRIMARY_HOSTNAME [PUBLIC_IP]) by coreboot.org (Postfix) with ESMTP id C0CC812A0EF5 for ; Wed, 6 Nov 2019 21:51:07 +0000 (UTC) Received: from authenticated-user (PRIMARY_HOSTNAME [PUBLIC_IP]) by mx0b-001b2d01.pphosted.com (8.16.0.27/8.16.0.27) with SMTP id xA6LWcok083598; Wed, 6 Nov 2019 16:36:11 -0500 Received: from authenticated-user (PRIMARY_HOSTNAME [PUBLIC_IP]) by mx0b-001b2d01.pphosted.com with ESMTP id 2w45q68ynn-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Wed, 06 Nov 2019 16:36:10 -0500 Received: from authenticated-user (PRIMARY_HOSTNAME [PUBLIC_IP]) by ppma04wdc.us.ibm.com (8.16.0.27/8.16.0.27) with SMTP id xA6LZaOO007224; Wed, 6 Nov 2019 21:36:10 GMT Received: from authenticated-user (PRIMARY_HOSTNAME [PUBLIC_IP]) by ppma04wdc.us.ibm.com with ESMTP id 2w41uja26u-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Wed, 06 Nov 2019 21:36:09 +0000 Received: from authenticated-user (PRIMARY_HOSTNAME [PUBLIC_IP]) by b03cxnp08025.gho.boulder.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id xA6La8cK52822348 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Wed, 6 Nov 2019 21:36:08 GMT Received: from authenticated-user (PRIMARY_HOSTNAME [PUBLIC_IP]) by IMSVA (Postfix) with ESMTP id 9DD50BE059; Wed, 6 Nov 2019 21:36:08 +0000 (GMT) Received: from authenticated-user (PRIMARY_HOSTNAME [PUBLIC_IP]) by IMSVA (Postfix) with ESMTP id 3332DBE058; Wed, 6 Nov 2019 21:36:08 +0000 (GMT) Received: from authenticated-user (PRIMARY_HOSTNAME [PUBLIC_IP]) by b03ledav005.gho.boulder.ibm.com (Postfix) with ESMTP; Wed, 6 Nov 2019 21:36:07 +0000 (GMT) From: Stefan Berger To: seabios@seabios.org, kevin@koconnor.net Date: Wed, 6 Nov 2019 16:35:59 -0500 Message-Id: <20191106213600.2457517-2-stefanb@linux.vnet.ibm.com> In-Reply-To: <20191106213600.2457517-1-stefanb@linux.vnet.ibm.com> References: <20191106213600.2457517-1-stefanb@linux.vnet.ibm.com> MIME-Version: 1.0 X-TM-AS-GCONF: 00 X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:,, definitions=2019-11-06_07:,, signatures=0 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 priorityscore=1501 malwarescore=0 suspectscore=0 phishscore=0 bulkscore=0 spamscore=0 clxscore=1015 lowpriorityscore=0 mlxscore=0 impostorscore=0 mlxlogscore=922 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1910280000 definitions=main-1911060209 X-Spam-Level: **** Message-ID-Hash: WCDNPZDIPZSLKWJW33KUJMCAVJU3FYMB X-Message-ID-Hash: WCDNPZDIPZSLKWJW33KUJMCAVJU3FYMB X-MailFrom: stefanb@linux.vnet.ibm.com X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-seabios.seabios.org-0; header-match-seabios.seabios.org-1; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; suspicious-header CC: ivansprundel@ioactive.com, joseph.tartaro@ioactive.com, Stefan Berger X-Mailman-Version: 3.2.3 Precedence: list Subject: [SeaBIOS] [PATCH 1/2] tpm: Require a response to have minimum size of a valid response header List-Id: SeaBIOS mailing list Archived-At: List-Archive: List-Help: List-Post: List-Subscribe: List-Unsubscribe: Content-Transfer-Encoding: quoted-printable Authentication-Results: coreboot.org; auth=pass smtp.auth=mailman@coreboot.org smtp.mailfrom=seabios-bounces@seabios.org X-Spamd-Bar: / Content-Type: text/plain; charset="utf-8" Defend against a broken TPM 1.2 or TPM 2.0 that doesn't send at least a full response header in the response but less than 10 bytes. Signed-off-by: Stefan Berger Reviewed-by: Marc-Andr=C3=A9 Lureau Reviewed-by: Philippe Mathieu-Daud=C3=A9 --- src/hw/tpm_drivers.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/hw/tpm_drivers.c b/src/hw/tpm_drivers.c index e4770b3..2b5753c 100644 --- a/src/hw/tpm_drivers.c +++ b/src/hw/tpm_drivers.c @@ -620,7 +620,8 @@ tpmhw_transmit(u8 locty, struct tpm_req_header *req, return -1; =20 irc =3D td->readresp(respbuffer, respbufferlen); - if (irc !=3D 0) + if (irc !=3D 0 || + *respbufferlen < sizeof(struct tpm_rsp_header)) return -1; =20 td->ready(); --=20 2.20.1 _______________________________________________ SeaBIOS mailing list -- seabios@seabios.org To unsubscribe send an email to seabios-leave@seabios.org From nobody Fri Apr 26 18:07:40 2024 Delivered-To: importer@patchew.org Received-SPF: none (zoho.com: 78.46.105.101 is neither permitted nor denied by domain of seabios.org) client-ip=78.46.105.101; envelope-from=seabios-bounces@seabios.org; helo=coreboot.org; Authentication-Results: mx.zohomail.com; spf=none (zoho.com: 78.46.105.101 is neither permitted nor denied by domain of seabios.org) smtp.mailfrom=seabios-bounces@seabios.org ARC-Seal: i=1; a=rsa-sha256; t=1573082070; cv=none; d=zoho.com; s=zohoarc; b=DIIEiUQ6c42Nt0aFt2M+/D7lGgMLI7LhxcsPoEsgrGf7Pp+uuHex23D7w4X0QQS8GKK7M+W5SVF3qULPlgpAr98827pePsb41ucTo8HZIl994sK0o8QjxA2I3ifv/rPgp3KciF6Hdd24E9+t0AaoS8fYaslBVFFgzrQYp+x+tMU= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zoho.com; s=zohoarc; t=1573082070; h=Content-Type:Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Subject:To; bh=+bHyA8gHGoAQbEOAPsG6FGrQ98xpbmVUOlKPciNmz8E=; b=HM47s2bkecoB7JnS9a4pA12AsMzzUSaCYlFxSvuMnAR31BMb0m4hS6JM4LKHl+T+3jDFaHVCPnP+pJeMfEJtnO5yXcI2LhADFe9povTSmGrqocTT3ZSqH75XSpEhB7yaLpDEfVteu898ycbheX17RVh1P48Ptn7kV4X+J0TQgZk= ARC-Authentication-Results: i=1; mx.zoho.com; spf=none (zoho.com: 78.46.105.101 is neither permitted nor denied by domain of seabios.org) smtp.mailfrom=seabios-bounces@seabios.org Return-Path: Received: from coreboot.org (coreboot.org [78.46.105.101]) by mx.zohomail.com with SMTPS id 157308207005529.84586213594514; Wed, 6 Nov 2019 15:14:30 -0800 (PST) Received: from authenticated-user (PRIMARY_HOSTNAME [PUBLIC_IP]) by coreboot.org (Postfix) with ESMTPA id 13A2512A0EFF; Wed, 6 Nov 2019 23:14:25 +0000 (UTC) Received: from authenticated-user (PRIMARY_HOSTNAME [PUBLIC_IP]) by coreboot.org (Postfix) with ESMTP id 77A9012A0EF5 for ; Wed, 6 Nov 2019 23:14:05 +0000 (UTC) Received: from authenticated-user (PRIMARY_HOSTNAME [PUBLIC_IP]) by mx0a-001b2d01.pphosted.com (8.16.0.27/8.16.0.27) with SMTP id xA6LXr9M146341; Wed, 6 Nov 2019 16:36:12 -0500 Received: from authenticated-user (PRIMARY_HOSTNAME [PUBLIC_IP]) by mx0a-001b2d01.pphosted.com with ESMTP id 2w41wr1w0m-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Wed, 06 Nov 2019 16:36:11 -0500 Received: from authenticated-user (PRIMARY_HOSTNAME [PUBLIC_IP]) by ppma02wdc.us.ibm.com (8.16.0.27/8.16.0.27) with SMTP id xA6LZbVC028260; Wed, 6 Nov 2019 21:36:10 GMT Received: from authenticated-user (PRIMARY_HOSTNAME [PUBLIC_IP]) by ppma02wdc.us.ibm.com with ESMTP id 2w41ujj247-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Wed, 06 Nov 2019 21:36:10 +0000 Received: from authenticated-user (PRIMARY_HOSTNAME [PUBLIC_IP]) by b03cxnp08026.gho.boulder.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id xA6La9JC45744604 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Wed, 6 Nov 2019 21:36:09 GMT Received: from authenticated-user (PRIMARY_HOSTNAME [PUBLIC_IP]) by IMSVA (Postfix) with ESMTP id 4E9B4BE04F; Wed, 6 Nov 2019 21:36:09 +0000 (GMT) Received: from authenticated-user (PRIMARY_HOSTNAME [PUBLIC_IP]) by IMSVA (Postfix) with ESMTP id D7FBDBE05F; Wed, 6 Nov 2019 21:36:08 +0000 (GMT) Received: from authenticated-user (PRIMARY_HOSTNAME [PUBLIC_IP]) by b03ledav005.gho.boulder.ibm.com (Postfix) with ESMTP; Wed, 6 Nov 2019 21:36:08 +0000 (GMT) From: Stefan Berger To: seabios@seabios.org, kevin@koconnor.net Date: Wed, 6 Nov 2019 16:36:00 -0500 Message-Id: <20191106213600.2457517-3-stefanb@linux.vnet.ibm.com> In-Reply-To: <20191106213600.2457517-1-stefanb@linux.vnet.ibm.com> References: <20191106213600.2457517-1-stefanb@linux.vnet.ibm.com> MIME-Version: 1.0 X-TM-AS-GCONF: 00 X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:,, definitions=2019-11-06_07:,, signatures=0 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 priorityscore=1501 malwarescore=0 suspectscore=0 phishscore=0 bulkscore=0 spamscore=0 clxscore=1015 lowpriorityscore=0 mlxscore=0 impostorscore=0 mlxlogscore=999 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1910280000 definitions=main-1911060209 X-Spam-Level: ** Message-ID-Hash: XC5EOBGYNHFWLT34M4LQ33AJOPEB7424 X-Message-ID-Hash: XC5EOBGYNHFWLT34M4LQ33AJOPEB7424 X-MailFrom: stefanb@linux.vnet.ibm.com X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-seabios.seabios.org-0; header-match-seabios.seabios.org-1; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; suspicious-header CC: ivansprundel@ioactive.com, joseph.tartaro@ioactive.com, Stefan Berger X-Mailman-Version: 3.2.3 Precedence: list Subject: [SeaBIOS] [PATCH 2/2] tcgbios: Check for enough bytes returned from TPM2_GetCapability List-Id: SeaBIOS mailing list Archived-At: List-Archive: List-Help: List-Post: List-Subscribe: List-Unsubscribe: Content-Transfer-Encoding: quoted-printable Authentication-Results: coreboot.org; auth=pass smtp.auth=mailman@coreboot.org smtp.mailfrom=seabios-bounces@seabios.org X-Spamd-Bar: / Content-Type: text/plain; charset="utf-8" When querying a TPM 2.0 for its PCRs, make sure that we get enough bytes from it in a response that did not indicate a failure. Basically we are defending against a TPM 2.0 sending responses that are not compliant to the specs. Signed-off-by: Stefan Berger Reviewed-by: Marc-Andr=C3=A9 Lureau Reviewed-by: Philippe Mathieu-Daud=C3=A9 --- src/tcgbios.c | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) diff --git a/src/tcgbios.c b/src/tcgbios.c index 2e503f9..95c1e94 100644 --- a/src/tcgbios.c +++ b/src/tcgbios.c @@ -481,8 +481,17 @@ tpm20_get_pcrbanks(void) if (ret) return ret; =20 - u32 size =3D be32_to_cpu(trg->hdr.totlen) - - offsetof(struct tpm2_res_getcapability, data); + /* defend against (broken) TPM sending packets that are too short */ + u32 resplen =3D be32_to_cpu(trg->hdr.totlen); + if (resplen <=3D offsetof(struct tpm2_res_getcapability, data)) + return -1; + + u32 size =3D resplen - offsetof(struct tpm2_res_getcapability, data); + /* we need a valid tpml_pcr_selection up to and including sizeOfSelect= */ + if (size < offsetof(struct tpml_pcr_selection, selections) + + offsetof(struct tpms_pcr_selection, pcrSelect)) + return -1; + tpm20_pcr_selection =3D malloc_high(size); if (tpm20_pcr_selection) { memcpy(tpm20_pcr_selection, &trg->data, size); --=20 2.20.1 _______________________________________________ SeaBIOS mailing list -- seabios@seabios.org To unsubscribe send an email to seabios-leave@seabios.org