
List:       trousers-tech
Subject:    Re: [TrouSerS-tech] [PATCH 13/17] Prevents dereference of null when calling Tspi_Context_GetCapabili
From:       Richard <rmaciel () linux ! vnet ! ibm ! com>
Date:       2014-04-15 18:40:58
Message-ID: 534D7D3A.4080708 () linux ! vnet ! ibm ! com

Good catch. I made a mistake and followed the wrong function path 
(because of the Coverity lead), so I took some time to review this and 
reevaluated my position. It's a false positive, indeed.

Thanks!

On 11-04-2014 06:52, Fuchs, Andreas wrote:
> Disclaimer:
> I could not compile-test or runtime-test these patches right now. This is a pure
> code-only review of the patches.
> If I see this correctly, then it ends up at trousers.c:Trspi_LoadBlob() with an
> "if (size == 0) return;". So this is a false positive of Coverity, since the case of
> "rgbSubCap == NULL && ulSubCapLength != 0" is already caught. I'm afraid the patch
> changes the RPC message in a way that is different from the original
> implementation. I'm not sure if this is compatible with other implementations. I
> have no idea, though, how to silence Coverity here. Maybe by adding a
> "rgbSubCap ? ulSubCapLength : 0" into the size parameter. Hopefully this will silence Coverity.
> 
> 
> On Wednesday, 09.04.2014, 15:41 -0300, rmaciel@linux.vnet.ibm.com wrote:
> > From: Richard Maciel <rmaciel@linux.vnet.ibm.com>
> > 
> > Related to coverity CID 10293.
> > 
> > Basically for two capability values (TSS_TCSCAP_VERSION and
> > TSS_TCSCAP_PERSSTORAGE), it was possible to put NULL values on
> > subcapability, which was used as a source value by a memcpy in the
> > subsequent call tree.
> > 
> > Signed-off-by: Richard Maciel <rmaciel@linux.vnet.ibm.com>
> > ---
> > src/tspi/tspi_caps.c | 18 ++++++++++++------
> > 1 file changed, 12 insertions(+), 6 deletions(-)
> > 
> > diff --git a/src/tspi/tspi_caps.c b/src/tspi/tspi_caps.c
> > index 2997d8d..dbf999c 100644
> > --- a/src/tspi/tspi_caps.c
> > +++ b/src/tspi/tspi_caps.c
> > @@ -36,6 +36,7 @@ Tspi_Context_GetCapability(TSS_HCONTEXT tspContext,	/* in */
> > 			   BYTE ** prgbRespData)	/* out */
> > {
> > 	TSS_RESULT result;
> > +	UINT32 dummy_val = 0;
> > 
> > 	if (prgbRespData == NULL || pulRespDataLength == NULL )
> > 		return TSPERR(TSS_E_BAD_PARAMETER);
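
Review bot: `dummy_val` is declared at function scope with no comment, and its name does not say that it is the zero-filled stand-in passed as the sub-capability when the caller's rgbSubCap is NULL. Declare it inside the block of the only case that uses it (TSS_TCSCAP_VERSION / TSS_TCSCAP_PERSSTORAGE) or give it a name and a one-line comment that state that role, so a later reader does not mistake it for a real sub-capability value.
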
> > @@ -64,19 +65,24 @@ Tspi_Context_GetCapability(TSS_HCONTEXT tspContext,	/* in */
> > 						 pulRespDataLength,
> > 						 prgbRespData);
> > 			break;
> > -		case TSS_TCSCAP_ALG:
> > -			if (ulSubCapLength != sizeof(UINT32) || !rgbSubCap)
> > -				return TSPERR(TSS_E_BAD_PARAMETER);
> > -			/* fall through */
> > -		case TSS_TCSCAP_VERSION:
> > +		case TSS_TCSCAP_ALG: /* fall through for options below */
> > 		case TSS_TCSCAP_CACHING:
> > -		case TSS_TCSCAP_PERSSTORAGE:
> > 		case TSS_TCSCAP_MANUFACTURER:
> > 		case TSS_TCSCAP_TRANSPORT:
> > 		case TSS_TCSCAP_PLATFORM_CLASS:
> > +			if (ulSubCapLength != sizeof(UINT32) || !rgbSubCap)
> > +				return TSPERR(TSS_E_BAD_PARAMETER);
> > +
> > 			result = RPC_GetCapability(tspContext, capArea, ulSubCapLength, rgbSubCap,
> > 						   pulRespDataLength, prgbRespData);
> > 			break;
> > +		case TSS_TCSCAP_VERSION:
> > +		case TSS_TCSCAP_PERSSTORAGE:
> > +			result = RPC_GetCapability(tspContext, capArea,
> > +					ulSubCapLength ? ulSubCapLength : sizeof(UINT32),
> > +					rgbSubCap ? rgbSubCap : &dummy_val,
> > +					pulRespDataLength, prgbRespData);
> > +			break;
> > 		default:
> > 			LogDebug("Invalid capArea: 0x%x", capArea);
> > 			result = TSPERR(TSS_E_BAD_PARAMETER);
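
Review bot: In the new TSS_TCSCAP_VERSION / TSS_TCSCAP_PERSSTORAGE case the length and the pointer are defaulted independently, so they can disagree. With rgbSubCap == NULL and a non-zero ulSubCapLength larger than sizeof(UINT32), RPC_GetCapability is handed `&dummy_val` together with the caller's larger length; with a non-NULL rgbSubCap and ulSubCapLength == 0 it is told to use sizeof(UINT32) bytes from a buffer whose size is not known here. Derive both arguments from one condition, for example by passing `rgbSubCap ? ulSubCapLength : 0` as the length as suggested in the review above, which also avoids sending four zero bytes where the old code forwarded the caller's length unchanged. Separately, moving the `ulSubCapLength != sizeof(UINT32) || !rgbSubCap` check below the CACHING, MANUFACTURER, TRANSPORT and PLATFORM_CLASS labels makes those four areas return TSS_E_BAD_PARAMETER for inputs they previously forwarded to RPC_GetCapability; the commit message mentions only VERSION and PERSSTORAGE, so that change should be dropped or documented.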

