Instead of uint32_t use uint64_t's for accumulating needed buffer sizes
that are calculated by adding uint32_t length indicators. Use the uint64_t
to check for excessively large buffer sizes that could cause an integer
overflow if uint32_t was used.
This patch addresses the case where a user passes an old version of TPM
state file to swtpm for reading and the file is 4GB in size and thus can
cause an integer overflow in this particular function.
Otherwise, the previous fix to tlv_data_find_tag() protects swtpm from
integer overflows and later out-of-bound accesses when the TPM state is
initially read from a file (assuming the state file has a header, which
is the case since swtpm 0.1). If an excessively large buffer was passed
to libtpms, it would reject it since it would never be able to take in
that much data.
Data written to the file are coming from libtpms that we can trust in
terms of length indicators.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
To avoid an integer wrap-around use uint64_t for 'offset' so that adding
an untrusted 32-bit number will allow for comparison against the trusted
'buffer_len' 32-bit number:
```
if (offset + td->tlv.length > buffer_len)
    return NULL;
```
This avoids possible out-of-bound accesses and crashes when reading
specially crafted TPM state input data that have a tlv.length that is so
large that it causes an integer overflow.
Resolves: https://github.com/stefanberger/swtpm/issues/678
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
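
The wrap-around that the two commit messages above guard against, shown as an added example that is not swtpm's own code: the same bounds check passes with a 32-bit sum and fails with a 64-bit sum. The record layout (2-byte tag, 4-byte length, host byte order) and the names in_bounds_u32, in_bounds_u64 and find_tag are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed, simplified layout: 2-byte tag, 4-byte length, then the value. */
#define HDR_LEN 6u

/* 32-bit sum as before the fix: offset + length can wrap and pass the check. */
int in_bounds_u32(uint32_t offset, uint32_t length, uint32_t buffer_len)
{
    return (uint32_t)(offset + length) <= buffer_len;
}

/* 64-bit sum as in the fix: two 32-bit values can never wrap a uint64_t. */
int in_bounds_u64(uint64_t offset, uint32_t length, uint32_t buffer_len)
{
    return offset + length <= buffer_len;
}

/* Return the offset of the value stored under 'tag', or -1 if the tag is
 * absent or a record's untrusted length points past the trusted buffer_len. */
int64_t find_tag(const uint8_t *buf, uint32_t buffer_len, uint16_t tag)
{
    uint64_t offset = 0;
    while (offset + HDR_LEN <= buffer_len) {
        uint16_t t; uint32_t length;
        memcpy(&t, buf + offset, sizeof(t));
        memcpy(&length, buf + offset + 2, sizeof(length));
        offset += HDR_LEN;
        if (offset + length > buffer_len)   /* 64-bit comparison */
            return -1;
        if (t == tag)
            return (int64_t)offset;
        offset += length;
    }
    return -1;
}

int main(void)
{
    /* Constructed input: tag 1 (4 bytes), then tag 2 claiming 0xFFFFFFF0 bytes. */
    uint8_t buf[32] = {0};
    uint16_t t1 = 1, t2 = 2;
    uint32_t l1 = 4, l2 = 0xFFFFFFF0u;
    memcpy(buf, &t1, 2);      memcpy(buf + 2, &l1, 4);
    memcpy(buf + 10, &t2, 2); memcpy(buf + 12, &l2, 4);
    printf("%lld %lld\n", (long long)find_tag(buf, 32, 1), (long long)find_tag(buf, 32, 2));
    return 0;
}
```
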
With relative paths being used the chdir("/") in daemon() will
cause file access errors.
Resolves: https://github.com/stefanberger/swtpm/issues/671
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
This will result in -D_FORTIFY_SOURCE=2 actually being added to
HARDENING_CFLAGS where applicable.
Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Add probing for -fstack-protector to the existing
-fstack-protector-strong since not all platforms support either one
of them.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
When the ${HOME} directory is used for finding swtpm_setup.conf it is
to be found in ${HOME}/.config/swtpm_setup.conf.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Resolves: https://github.com/stefanberger/swtpm/issues/664
To test the replacement of environment variables with their values
use ${WORKDIR} in the test case config files.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
swtpm_localca v0.5 supported resolution of environment variables for
the swtpm-localca.conf configuration file. This functionality was lost
during the port to 'C' in v0.6. This patch now re-implements it.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Resolves: https://github.com/stefanberger/swtpm/issues/663
Avoid trying to create TPM certificates while the issuer certificate has
not been created, yet (in a 2nd step).
To resolve this do not just test for availability of the signing key, which
is created first, but also test for the issuer certificate, which is created
in a 2nd step when the local CA is created. If either one is missing,
attempt to create the CA.
Resolves: https://github.com/stefanberger/swtpm/issues/644
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
This fix addresses Coverity issue CID 375869.
Check the header size indicated in the header of the state against the
expected size and return an error code in case the header size indicator
is different. There was only one header size so far since blobheader was
introduced, so we don't need to deal with different sizes.
Without this fix a specially crafted header could cause out-of-bounds
accesses on the byte array containing the swtpm's state.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Use the (undocumented) OPENSSL_SUPPRESS_DEPRECATED to suppress the
deprecated API warnings when compiling swtpm and swtpm_setup with
OpenSSL 3.0.0 replacing the global -Wno-deprecated-declarations.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
To be able to build with OpenSSL 3.0 we need to add
-Wno-deprecated-declarations to the default CFLAGS.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
The PID filename was generated using the ${SWTPM} environment variable,
which caused test failures if set to a URL for example. Replace it with
'swtpm'.
This issue was reported in issue #454.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Add MY_CFLAGS, CFLAGS, and MY_LDFLAGS to all Makefile.am's so that they
can be defined during configure time as well as CFLAGS added during
build time. LDFLAGS were already handled correctly during build-time.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
To avoid the following warning use MY_ as a prefix for the offending
variables that have AM_ as a prefix:
```
configure.ac:587: warning: macro 'AM_CFLAGS' not found in library
configure.ac:590: warning: macro 'AM_LDFLAGS' not found in library
```
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
autoreconf from autoconf 2.71 emits a lot of warnings:
```
+ autoreconf -fiv
autoreconf: export WARNINGS=
autoreconf: Entering directory '.'
autoreconf: configure.ac: not using Gettext
autoreconf: running: aclocal --force -I m4
aclocal: warning: couldn't open directory 'm4': No such file or directory
configure.ac:587: warning: macro 'AM_CFLAGS' not found in library
configure.ac:590: warning: macro 'AM_LDFLAGS' not found in library
autoreconf: configure.ac: tracing
autoreconf: running: libtoolize --copy --force
libtoolize: putting auxiliary files in '.'.
libtoolize: copying file './ltmain.sh'
libtoolize: putting macros in AC_CONFIG_MACRO_DIRS, 'm4'.
libtoolize: copying file 'm4/libtool.m4'
libtoolize: copying file 'm4/ltoptions.m4'
libtoolize: copying file 'm4/ltsugar.m4'
libtoolize: copying file 'm4/ltversion.m4'
libtoolize: copying file 'm4/lt~obsolete.m4'
autoreconf: configure.ac: not using Intltool
autoreconf: configure.ac: not using Gtkdoc
autoreconf: running: aclocal --force -I m4
configure.ac:587: warning: macro 'AM_CFLAGS' not found in library
configure.ac:590: warning: macro 'AM_LDFLAGS' not found in library
autoreconf: running: /usr/bin/autoconf --force
configure.ac:29: warning: The macro `AC_CONFIG_HEADER' is obsolete.
configure.ac:29: You should run autoupdate.
./lib/autoconf/status.m4:719: AC_CONFIG_HEADER is expanded from...
configure.ac:29: the top level
configure.ac:53: warning: The macro `AC_HELP_STRING' is obsolete.
configure.ac:53: You should run autoupdate.
./lib/autoconf/general.m4:204: AC_HELP_STRING is expanded from...
configure.ac:53: the top level
configure.ac:76: warning: The macro `AC_HEADER_STDC' is obsolete.
configure.ac:76: You should run autoupdate.
./lib/autoconf/headers.m4:704: AC_HEADER_STDC is expanded from...
configure.ac:76: the top level
configure.ac:81: warning: The macro `AC_TYPE_SIGNAL' is obsolete.
configure.ac:81: You should run autoupdate.
./lib/autoconf/types.m4:776: AC_TYPE_SIGNAL is expanded from...
configure.ac:81: the top level
configure.ac:202: warning: The macro `AC_HELP_STRING' is obsolete.
configure.ac:202: You should run autoupdate.
./lib/autoconf/general.m4:204: AC_HELP_STRING is expanded from...
configure.ac:202: the top level
configure.ac:279: warning: The macro `AC_HELP_STRING' is obsolete.
configure.ac:279: You should run autoupdate.
./lib/autoconf/general.m4:204: AC_HELP_STRING is expanded from...
configure.ac:279: the top level
configure.ac:434: warning: The macro `AC_HELP_STRING' is obsolete.
configure.ac:434: You should run autoupdate.
./lib/autoconf/general.m4:204: AC_HELP_STRING is expanded from...
configure.ac:434: the top level
configure.ac:441: warning: The macro `AC_HELP_STRING' is obsolete.
configure.ac:441: You should run autoupdate.
./lib/autoconf/general.m4:204: AC_HELP_STRING is expanded from...
configure.ac:441: the top level
configure.ac:521: warning: The macro `AC_HELP_STRING' is obsolete.
configure.ac:521: You should run autoupdate.
./lib/autoconf/general.m4:204: AC_HELP_STRING is expanded from...
configure.ac:521: the top level
autoreconf: running: /usr/bin/autoheader --force
autoreconf: running: automake --add-missing --copy --force-missing
configure.ac:40: installing './compile'
configure.ac:43: installing './config.guess'
configure.ac:43: installing './config.sub'
configure.ac:41: installing './install-sh'
configure.ac:48: installing './missing'
samples/Makefile.am: installing './depcomp'
parallel-tests: installing './test-driver'
autoreconf: Leaving directory '.'
```
Execute autoupdate to apply all those changes and then clean that up
in the next commits.
Signed-off-by: Tomasz Kłoczko <kloczek@github.com>
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Add a missing else branch that was forgotten about when the code was
translated from Python. This now also gets the test case
test_tpm2_samples_create_tpmca to work again when it is run from the command
line. This test case doesn't work as part of the test suite due to
concurrency issues with other test cases using tpm2-abrmd at the same time.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Cygwin's regex implementation doesn't seem to understand '\\s'
but needs [[:space:]] instead to properly skip over spaces.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
GnuTLS on 32-bit platforms complains about the long expiration time
of the certificates since they overflow the 32-bit time_t. Reduce
the duration to 12 years.
```
This system expresses time with a 32-bit time_t; that prevents dates after 2038 to be expressed by GnuTLS.
Overflow while parsing days
```
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
This patch addresses the following gcc-11 compiler issues:
```
In file included from /usr/include/glib-2.0/glib.h:114,
                 from swtpm_setup_utils.c:14:
swtpm_setup_utils.c: In function 'get_config_value':
/usr/include/glib-2.0/glib/glib-autocleanups.h:28:3: error: 'tmp' may be used uninitialized in this function [-Werror=maybe-uninitialized]
   28 |   g_free (*pp);
      |   ^~~~~~~~~~~~
swtpm_setup_utils.c:36:31: note: 'tmp' was declared here
   36 |             g_autofree gchar *tmp;
      |                               ^~~
swtpm.c: In function 'swtpm_start':
/usr/include/glib-2.0/glib/glib-autocleanups.h:28:3: error: 'pidfile_file' may be used uninitialized in this function [-Werror=maybe-uninitialized]
   28 |   g_free (*pp);
      |   ^~~~~~~~~~~~
swtpm.c:54:23: note: 'pidfile_file' was declared here
   54 |     g_autofree gchar *pidfile_file;
      |                       ^~~~~~~~~~~~
```
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
This patch addresses the following gcc-11 compiler issues:
```
In file included from /usr/include/glib-2.0/glib.h:114,
                 from ../src/utils/swtpm_utils.h:13,
                 from swtpm_localca_utils.c:24:
swtpm_localca_utils.c: In function 'get_config_envvars':
/usr/include/glib-2.0/glib/glib-autocleanups.h:28:3: error: 'value' may be used uninitialized in this function [-Werror=maybe-uninitialized]
   28 |   g_free (*pp);
      |   ^~~~~~~~~~~~
swtpm_localca_utils.c:98:37: note: 'value' was declared here
   98 |             g_autofree gchar *key, *value;
      |                                     ^~~~~
In file included from /usr/include/glib-2.0/glib.h:114,
                 from ../src/utils/swtpm_utils.h:13,
                 from swtpm_localca_utils.c:24:
/usr/include/glib-2.0/glib/glib-autocleanups.h:28:3: error: 'key' may be used uninitialized in this function [-Werror=maybe-uninitialized]
   28 |   g_free (*pp);
      |   ^~~~~~~~~~~~
swtpm_localca_utils.c:98:31: note: 'key' was declared here
   98 |             g_autofree gchar *key, *value;
      |                               ^~~
```
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>