Added cap parsing limit checks. Added missing `TPM_CAP_PCR_PROPERTIES`.

pull/383/head
David Garske 2024-10-31 08:11:53 -07:00
parent ebf7a6c7fb
commit 180a74e8c3
2 changed files with 29 additions and 0 deletions


@ -884,6 +884,8 @@ TPM_RC TPM2_GetCapability(GetCapability_In* in, GetCapability_Out* out)
TPML_ALG_PROPERTY* algorithms = TPML_ALG_PROPERTY* algorithms =
&out->capabilityData.data.algorithms; &out->capabilityData.data.algorithms;
TPM2_Packet_ParseU32(&packet, &algorithms->count); TPM2_Packet_ParseU32(&packet, &algorithms->count);
if (algorithms->count > MAX_CAP_ALGS)
algorithms->count = MAX_CAP_ALGS;
for (i=0; i<(int)algorithms->count; i++) { for (i=0; i<(int)algorithms->count; i++) {
TPM2_Packet_ParseU16(&packet, TPM2_Packet_ParseU16(&packet,
&algorithms->algProperties[i].alg); &algorithms->algProperties[i].alg);
@ -897,6 +899,8 @@ TPM_RC TPM2_GetCapability(GetCapability_In* in, GetCapability_Out* out)
TPML_HANDLE* handles = TPML_HANDLE* handles =
&out->capabilityData.data.handles; &out->capabilityData.data.handles;
TPM2_Packet_ParseU32(&packet, &handles->count); TPM2_Packet_ParseU32(&packet, &handles->count);
if (handles->count > MAX_CAP_HANDLES)
handles->count = MAX_CAP_HANDLES;
for (i=0; i<(int)handles->count; i++) { for (i=0; i<(int)handles->count; i++) {
TPM2_Packet_ParseU32(&packet, &handles->handle[i]); TPM2_Packet_ParseU32(&packet, &handles->handle[i]);
} }
@ -907,6 +911,8 @@ TPM_RC TPM2_GetCapability(GetCapability_In* in, GetCapability_Out* out)
TPML_CCA* cmdAttribs = TPML_CCA* cmdAttribs =
&out->capabilityData.data.command; &out->capabilityData.data.command;
TPM2_Packet_ParseU32(&packet, &cmdAttribs->count); TPM2_Packet_ParseU32(&packet, &cmdAttribs->count);
if (cmdAttribs->count > MAX_CAP_CC)
cmdAttribs->count = MAX_CAP_CC;
for (i=0; i<(int)cmdAttribs->count; i++) { for (i=0; i<(int)cmdAttribs->count; i++) {
TPM2_Packet_ParseU32(&packet, TPM2_Packet_ParseU32(&packet,
&cmdAttribs->commandAttributes[i]); &cmdAttribs->commandAttributes[i]);
@ -919,6 +925,8 @@ TPM_RC TPM2_GetCapability(GetCapability_In* in, GetCapability_Out* out)
TPML_CC* cmdCodes = TPML_CC* cmdCodes =
&out->capabilityData.data.ppCommands; &out->capabilityData.data.ppCommands;
TPM2_Packet_ParseU32(&packet, &cmdCodes->count); TPM2_Packet_ParseU32(&packet, &cmdCodes->count);
if (cmdCodes->count > MAX_CAP_CC)
cmdCodes->count = MAX_CAP_CC;
for (i=0; i<(int)cmdCodes->count; i++) { for (i=0; i<(int)cmdCodes->count; i++) {
TPM2_Packet_ParseU32(&packet, TPM2_Packet_ParseU32(&packet,
&cmdCodes->commandCodes[i]); &cmdCodes->commandCodes[i]);
@ -937,6 +945,8 @@ TPM_RC TPM2_GetCapability(GetCapability_In* in, GetCapability_Out* out)
TPML_TAGGED_TPM_PROPERTY* prop = TPML_TAGGED_TPM_PROPERTY* prop =
&out->capabilityData.data.tpmProperties; &out->capabilityData.data.tpmProperties;
TPM2_Packet_ParseU32(&packet, &prop->count); TPM2_Packet_ParseU32(&packet, &prop->count);
if (prop->count > MAX_TPM_PROPERTIES)
prop->count = MAX_TPM_PROPERTIES;
for (i=0; i<(int)prop->count; i++) { for (i=0; i<(int)prop->count; i++) {
TPM2_Packet_ParseU32(&packet, TPM2_Packet_ParseU32(&packet,
&prop->tpmProperty[i].property); &prop->tpmProperty[i].property);
@ -950,6 +960,17 @@ TPM_RC TPM2_GetCapability(GetCapability_In* in, GetCapability_Out* out)
TPML_TAGGED_PCR_PROPERTY* pcrProp = TPML_TAGGED_PCR_PROPERTY* pcrProp =
&out->capabilityData.data.pcrProperties; &out->capabilityData.data.pcrProperties;
TPM2_Packet_ParseU32(&packet, &pcrProp->count); TPM2_Packet_ParseU32(&packet, &pcrProp->count);
if (pcrProp->count > MAX_PCR_PROPERTIES)
pcrProp->count = MAX_PCR_PROPERTIES;
for (i=0; i<(int)pcrProp->count; i++) {
TPMS_TAGGED_PCR_SELECT* sel = &pcrProp->pcrProperty[i];
TPM2_Packet_ParseU32(&packet, &sel->tag);
TPM2_Packet_ParseU8(&packet, &sel->sizeofSelect);
if (sel->sizeofSelect > PCR_SELECT_MAX)
sel->sizeofSelect = PCR_SELECT_MAX;
TPM2_Packet_ParseBytes(&packet, sel->pcrSelect,
sel->sizeofSelect);
}
break; break;
} }
case TPM_CAP_ECC_CURVES: case TPM_CAP_ECC_CURVES:
@ -957,6 +978,8 @@ TPM_RC TPM2_GetCapability(GetCapability_In* in, GetCapability_Out* out)
TPML_ECC_CURVE* eccCurves = TPML_ECC_CURVE* eccCurves =
&out->capabilityData.data.eccCurves; &out->capabilityData.data.eccCurves;
TPM2_Packet_ParseU32(&packet, &eccCurves->count); TPM2_Packet_ParseU32(&packet, &eccCurves->count);
if (eccCurves->count > MAX_ECC_CURVES)
eccCurves->count = MAX_ECC_CURVES;
for (i=0; i<(int)eccCurves->count; i++) { for (i=0; i<(int)eccCurves->count; i++) {
TPM2_Packet_ParseU16(&packet, TPM2_Packet_ParseU16(&packet,
&eccCurves->eccCurves[i]); &eccCurves->eccCurves[i]);
@ -968,6 +991,8 @@ TPM_RC TPM2_GetCapability(GetCapability_In* in, GetCapability_Out* out)
TPML_TAGGED_POLICY* authPol = TPML_TAGGED_POLICY* authPol =
&out->capabilityData.data.authPolicies; &out->capabilityData.data.authPolicies;
TPM2_Packet_ParseU32(&packet, &authPol->count); TPM2_Packet_ParseU32(&packet, &authPol->count);
if (authPol->count > MAX_TAGGED_POLICIES)
authPol->count = MAX_TAGGED_POLICIES;
for (i=0; i<(int)authPol->count; i++) { for (i=0; i<(int)authPol->count; i++) {
int digSz; int digSz;
TPMS_TAGGED_POLICY* pol = &authPol->policies[i]; TPMS_TAGGED_POLICY* pol = &authPol->policies[i];
@ -988,6 +1013,8 @@ TPM_RC TPM2_GetCapability(GetCapability_In* in, GetCapability_Out* out)
TPML_ACT_DATA* actData = TPML_ACT_DATA* actData =
&out->capabilityData.data.actData; &out->capabilityData.data.actData;
TPM2_Packet_ParseU32(&packet, &actData->count); TPM2_Packet_ParseU32(&packet, &actData->count);
if (actData->count > MAX_ACT_DATA)
actData->count = MAX_ACT_DATA;
for (i=0; i<(int)actData->count; i++) { for (i=0; i<(int)actData->count; i++) {
TPM2_Packet_ParseU32(&packet, TPM2_Packet_ParseU32(&packet,
&actData->actData[i].handle); &actData->actData[i].handle);
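Review bot: In the new `TPM_CAP_PCR_PROPERTIES` loop, clamping `sel->sizeofSelect` to `PCR_SELECT_MAX` before `TPM2_Packet_ParseBytes` protects `sel->pcrSelect` but leaves the excess bytes of that entry unread, so the next iteration reads its `tag` from the middle of the previous select and every later entry is misparsed. When an entry is larger than this build can hold, it is safer to stop than to continue on a shifted offset, e.g. `if (sel->sizeofSelect > PCR_SELECT_MAX) { pcrProp->count = i; break; }`. The count clamps in the other cases also truncate silently; a count above the compile-time maximum means the response does not fit or is malformed, so consider reporting that to the caller instead of returning a shortened list as success. `TPM2_GetCapability` begins and ends outside these hunks, so how its return code is set is not visible here.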


@ -425,6 +425,8 @@ void TPM2_Packet_ParsePCR(TPM2_Packet* packet, TPML_PCR_SELECTION* pcr)
{ {
int i; int i;
TPM2_Packet_ParseU32(packet, &pcr->count); TPM2_Packet_ParseU32(packet, &pcr->count);
if (pcr->count > HASH_COUNT)
pcr->count = HASH_COUNT;
for (i=0; i<(int)pcr->count; i++) { for (i=0; i<(int)pcr->count; i++) {
TPM2_Packet_ParseU16(packet, &pcr->pcrSelections[i].hash); TPM2_Packet_ParseU16(packet, &pcr->pcrSelections[i].hash);
TPM2_Packet_ParseU8(packet, &pcr->pcrSelections[i].sizeofSelect); TPM2_Packet_ParseU8(packet, &pcr->pcrSelections[i].sizeofSelect);
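Review bot: Only `pcr->count` is bounded here; the `sizeofSelect` read on the last line of the hunk is not checked within the visible lines, although the new `TPM_CAP_PCR_PROPERTIES` case in `TPM2_GetCapability` bounds the same kind of field against `PCR_SELECT_MAX`. The loop body continues outside the hunk, so if the byte copy that presumably follows uses `sizeofSelect` as its length, it needs a guard before it, e.g. `if (pcr->pcrSelections[i].sizeofSelect > PCR_SELECT_MAX) { pcr->count = i; break; }`. Because this helper looks shared, a clamped `count` also leaves the remaining selections unread for any caller that parses further fields after the list. A short comment on the clamp stating that limitation would help.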