Proxmox-Port/swtpm
1
0
Fork 0
mirror of https://github.com/stefanberger/swtpm.git synced 2026-01-08 20:57:37 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

swtpm: Return error if more bytes received than user wanted to send
Some checks are pending
Coverity Scan / coverity (push) Waiting to run
Details

Browse Source 
Return an error code if HASH_DATA received more bytes from the user than
what the user indicated in the length field that he wanted to send. This
avoids an integer underrun of the 'remain' variable in the loop that would
then cause the loop to wanting to receive around 4GB of data.

Also fix some indentation issues.
Use be32toh instead of (the equivalent) htobe32 when reading from the
packet.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
This commit is contained in:
Stefan Berger 2025-05-20 18:41:25 -04:00 committed by Stefan Berger
parent 4da66c66f9
commit 1db1037525
1 changed files with 5 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
src/swtpm/ctrlchannel.c
View File

@ -695,14 +695,16 @@ int ctrlchannel_process_fd(int fd,
case CMD_HASH_DATA:
if (!*tpm_running)
goto err_not_running;
goto err_not_running;
if (n < (ssize_t)offsetof(ptm_hdata, u.req.data)) /* rw */
goto err_bad_input;
goto err_bad_input;
data = (ptm_hdata *)&input.body;
remain = htobe32(data->u.req.length);
remain = be32toh(data->u.req.length);
n -= sizeof(data->u.req.length);
if (remain < n)
goto err_bad_input;
/* n has the available number of bytes to hash */
while (true) {