'Re: [TrouSerS-tech] [PATCH 16/17] Prevents dereference of null when call TCSP_NV_ReadValueAuth_Inter'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       trousers-tech
Subject:    Re: [TrouSerS-tech] [PATCH 16/17] Prevents dereference of null when call TCSP_NV_ReadValueAuth_Inter
From:       "Fuchs, Andreas" <andreas.fuchs () sit ! fraunhofer ! de>
Date:       2014-04-11 9:52:50
Message-ID: 1397209970.15139.42.camel () pc-fuchslap2 ! sit ! fraunhofer ! de
[Download RAW message or body]

Disclaimer:
I could not complie-test or runtime-test these patches right now. This is a pure \
code-only review of the patches.

Looks good.

Am Mittwoch, den 09.04.2014, 15:41 -0300 schrieb rmaciel@linux.vnet.ibm.com:
> From: Richard Maciel <rmaciel@linux.vnet.ibm.com>
> 
> Related coverity CID 10289
> 
> tcs_wrap_NV_ReadValueAuth can call TCSP_NV_ReadValueAuth_Internal
> with a null auth. However, the latter was dereferencing the pointer
> var containing the auth data without checking it, which possibly could
> cause a dereference null error.
> 
> Signed-off-by: Richard Maciel <rmaciel@linux.vnet.ibm.com>
> ---
> src/tcs/tcsi_nv.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/src/tcs/tcsi_nv.c b/src/tcs/tcsi_nv.c
> index f19ab94..1c867ea 100644
> --- a/src/tcs/tcsi_nv.c
> +++ b/src/tcs/tcsi_nv.c
> @@ -202,7 +202,7 @@ TCSP_NV_ReadValueAuth_Internal(TCS_CONTEXT_HANDLE hContext,	/* \
> in */  LogDebugFn("Enter");
> 	if ((result = ctx_verify_context(hContext)))
> 		return result;
> -	if ((result = auth_mgr_check(hContext, &NVAuth->AuthHandle)))
> +	if ((NVAuth != NULL) && (result = auth_mgr_check(hContext, &NVAuth->AuthHandle)))
> 		goto done;
> 
> 	if ((result = tpm_rqu_build(TPM_ORD_NV_ReadValueAuth, &off_set, txBlob, hNVStore, \
> offset,

------------------------------------------------------------------------------
Put Bad Developers to Shame
Dominate Development with Jenkins Continuous Integration
Continuously Automate Build, Test & Deployment 
Start a new project now. Try Jenkins in the cloud.
http://p.sf.net/sfu/13600_Cloudbees
_______________________________________________
TrouSerS-tech mailing list
TrouSerS-tech@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/trousers-tech


[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic