[prev in list] [next in list] [prev in thread] [next in thread]
List: trousers-tech
Subject: Re: [TrouSerS-tech] tpm-tools: corrupt output of tpm_version command
From: "Debora Velarde" <dvelarde () us ! ibm ! com>
Date: 2018-12-04 17:57:19
Message-ID: OF8DCFC2ED.DE0020E9-ON00258359.006247B2-00258359.0062A1F6 () notes ! na ! collabserv ! com
[Download RAW message or body]
[Attachment #2 (text/html)]
<div class="socmaildefaultfont" dir="ltr" style="font-family:Arial, Helvetica, \
sans-serif;font-size:12pt" ><div dir="ltr" >Thank you Matthias. </div> <div \
dir="ltr" > </div> <div dir="ltr" >-Debbie</div>
<div dir="ltr" > </div>
<blockquote data-history-content-modified="1" dir="ltr" style="border-left:solid \
#aaaaaa 2px; margin-left:5px; padding-left:5px; direction:ltr; margin-right:0px" \
>----- Original message -----<br>From: Matthias Gerstner \
> <mgerstner@suse.de><br>To: trousers-tech@lists.sf.net<br>Cc:<br>Subject: \
> [TrouSerS-tech] tpm-tools: corrupt output of tpm_version command<br>Date: Mon, Dec \
> 3, 2018 4:50 AM<br>
<div><font face="Default Monospace,Courier New,Courier,monospace" size="2" \
>Hello,<br><br>a customer reported getting corrupt output when running \
> the<br>'tpm_version' command. It turns out there are two issues in the \
> code:<br><br>- NULL bytes in the TPM Vendor ID are output<br>- Possibly undefined \
> data is printed on stderr, since an unterminated<br> string buffer is \
> used. This might also lead to a crash in \
> some<br> circumstances<br><br>Please find attached two patches that \
> address these two issues.<br><br>Regards<br><br>Matthias<br><br>--<br>Matthias \
> Gerstner <matthias.gerstner@suse.de><br>Dipl.-Wirtsch.-Inf. (FH), Security \
> Engineer<br><a href="https://www.suse.com/security" target="_blank" \
> >https://www.suse.com/security</a><br>Telefon: +49 911 740 53 290<br>GPG Key ID: \
> > 0x14C405C971923553<br><br>SUSE Linux GmbH<br>GF: Felix Imendörffer, Jane \
> > Smithard, Graham Norton<br>HRB 21284 (AG Nuernberg)</font></div>
<div id="MIMEAttachInfoDiv" style="display:none" \
title="x-diff|0001-tpm_version-avoid-outputting-NULL-bytes-from-tpmVend.patch" \
> </div> <div id="MIMEAttachInfoDiv" style="display:none" \
> title="x-diff|0001-tpm_version-avoid-outputting-undefined-data-on-stder.patch" \
> > </div>
<div id="MIMEAttachInfoDiv" style="display:none" title="pgp-signature|signature.asc" \
> </div> <div><font face="Default Monospace,Courier New,Courier,monospace" \
> size="2" >_______________________________________________<br>TrouSerS-tech mailing \
> list<br>TrouSerS-tech@lists.sourceforge.net<br><a \
> href="https://lists.sourceforge.net/lists/listinfo/trousers-tech" target="_blank" \
> >https://lists.sourceforge.net/lists/listinfo/trousers-tech</a></font></div></blockquote>
> >
<div dir="ltr" > </div></div><BR>
_______________________________________________
TrouSerS-tech mailing list
TrouSerS-tech@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/trousers-tech
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic