packages/swtpm
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

base: packages:fd611ffa2d088c4bd0d2a82dfa09f348a667a0ab
Branches Tags
packages:main
..
compare: packages:149f310fe08527f164a45657b805e81856e1b7eb
Branches Tags
packages:main

No commits in common. "fd611ffa2d088c4bd0d2a82dfa09f348a667a0ab" and "149f310fe08527f164a45657b805e81856e1b7eb" have entirely different histories.
fd611ffa2d ... 149f310fe0

12 changed files with 778 additions and 96 deletions
Show Stats Expand all files Collapse all files

25
0000-disable-test_tpm2_swtpm_localca_pkcs11.test.patch
View File

@ -1,25 +0,0 @@
From 5f54b90c87da3954ae400b5219bcd9d2064ba4c8 Mon Sep 17 00:00:00 2001
From: yezengruan <yezengruan@huawei.com>
Date: Mon, 6 Feb 2023 10:56:44 +0800
Subject: [PATCH] disable test_tpm2_swtpm_localca_pkcs11.test
Signed-off-by: yezengruan <yezengruan@huawei.com>
---
tests/Makefile.am | 1 -
1 file changed, 1 deletion(-)
diff --git a/tests/Makefile.am b/tests/Makefile.am
index 4c601b8..2e523b5 100644
--- a/tests/Makefile.am
+++ b/tests/Makefile.am
@@ -94,7 +94,6 @@ TESTS += \
test_tpm2_swtpm_cert \
test_tpm2_swtpm_cert_ecc \
test_tpm2_swtpm_localca \
- test_tpm2_swtpm_localca_pkcs11.test \
test_tpm2_swtpm_setup_create_cert
if HAVE_TCSD
--
2.27.0

114
0000-rename-deprecated-libtasn1-types-to-fix-build-error.patch Normal file
View File

@ -0,0 +1,114 @@
From 0b0041bda9df8bf704d7aff8c32da0d18cd9eb28 Mon Sep 17 00:00:00 2001
From: Jonas Witschel <diabonas@archlinux.org>
Date: Wed, 19 May 2021 10:30:41 +0200
Subject: [PATCH] swtpm_cert: rename deprecated libtasn1 types
These types have been renamed in libtasn1 version 3.0 (released 2012-10-28).
The most recent libtasn1 version 4.17.0 (released 2021-05-13) now prints
deprecation warnings that are made fatal by -Werror:
ek-cert.c:76:13: error: 'ASN1_ARRAY_TYPE' macro is deprecated, use 'asn1_static_node' instead. [-Werror]
76 | extern const ASN1_ARRAY_TYPE tpm_asn1_tab[];
|^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
[...]
The new types were introduced almost ten years ago, so they should be pretty
universally available by now.
Signed-off-by: Jonas Witschel <diabonas@archlinux.org>
---
src/swtpm_cert/ek-cert.c | 24 ++++++++++++------------
1 file changed, 12 insertions(+), 12 deletions(-)
diff --git a/src/swtpm_cert/ek-cert.c b/src/swtpm_cert/ek-cert.c
index 651d60f..cc1ec43 100644
--- a/src/swtpm_cert/ek-cert.c
+++ b/src/swtpm_cert/ek-cert.c
@@ -72,9 +72,9 @@ enum cert_type_t {
#define ALLOW_SIGNING_F 2 /* EK can be used for signing */
#define DECRYPTION_F 4 /* EK can be used for decryption; default */
-extern const ASN1_ARRAY_TYPE tpm_asn1_tab[];
+extern const asn1_static_node tpm_asn1_tab[];
-ASN1_TYPE _tpm_asn;
+asn1_node _tpm_asn;
typedef struct tdTCG_PCCLIENT_STORED_CERT {
uint16_t tag;
@@ -318,7 +318,7 @@ asn_free(void)
}
static int
-encode_asn1(gnutls_datum_t *asn1, ASN1_TYPE at)
+encode_asn1(gnutls_datum_t *asn1, asn1_node at)
{
int err;
@@ -346,7 +346,7 @@ encode_asn1(gnutls_datum_t *asn1, ASN1_TYPE at)
}
static int
-build_tpm_manufacturer_info(ASN1_TYPE *at,
+build_tpm_manufacturer_info(asn1_node *at,
const char *manufacturer,
const char *tpm_model,
const char *tpm_version)
@@ -428,7 +428,7 @@ create_tpm_manufacturer_info(const char *manufacturer,
const char *tpm_version,
gnutls_datum_t *asn1)
{
- ASN1_TYPE at = ASN1_TYPE_EMPTY;
+ asn1_node at = NULL;
int err;
err = asn_init();
@@ -460,7 +460,7 @@ create_tpm_manufacturer_info(const char *manufacturer,
}
static int
-build_platf_manufacturer_info(ASN1_TYPE *at,
+build_platf_manufacturer_info(asn1_node *at,
const char *manufacturer,
const char *platf_model,
const char *platf_version,
@@ -554,7 +554,7 @@ create_platf_manufacturer_info(const char *manufacturer,
gnutls_datum_t *asn1,
bool forTPM2)
{
- ASN1_TYPE at = ASN1_TYPE_EMPTY;
+ asn1_node at = NULL;
int err;
err = asn_init();
@@ -597,9 +597,9 @@ create_tpm_and_platform_manuf_info(
gnutls_datum_t *asn1,
bool forTPM2)
{
- ASN1_TYPE at = ASN1_TYPE_EMPTY;
- ASN1_TYPE tpm_at = ASN1_TYPE_EMPTY;
- ASN1_TYPE platf_at = ASN1_TYPE_EMPTY;
+ asn1_node at = NULL;
+ asn1_node tpm_at = NULL;
+ asn1_node platf_at = NULL;
int err;
gnutls_datum_t datum = {
.data = NULL,
@@ -710,7 +710,7 @@ create_tpm_specification_info(const char *spec_family,
unsigned int spec_revision,
gnutls_datum_t *asn1)
{
- ASN1_TYPE at = ASN1_TYPE_EMPTY;
+ asn1_node at = NULL;
int err;
unsigned int bigendian;
unsigned char twoscomp[1 + sizeof(bigendian)] = { 0, };
@@ -782,7 +782,7 @@ create_tpm_specification_info(const char *spec_family,
static int
create_cert_extended_key_usage(const char *oid, gnutls_datum_t *asn1)
{
- ASN1_TYPE at = ASN1_TYPE_EMPTY;
+ asn1_node at = NULL;
int err;
err = asn_init();

51
0001-swtpm-Check-header-size-indicator-against-expected-s.patch Normal file
View File

@ -0,0 +1,51 @@
From c518445f9fddc786f191f4f5926bf483fa2bd1ff Mon Sep 17 00:00:00 2001
From: Stefan Berger <stefanb@linux.ibm.com>
Date: Wed, 16 Feb 2022 11:17:47 -0500
Subject: [PATCH] swtpm: Check header size indicator against expected size (CID
375869)
This fix addresses Coverity issue CID 375869 (CVE-2022-23645).
Check the header size indicated in the header of the state against the
expected size and return an error code in case the header size indicator
is different. There was only one header size so far since blobheader was
introduced, so we don't need to deal with different sizes.
Without this fix a specially crafted header could cause out-of-bounds
accesses on the byte array containing the swtpm's state.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
---
src/swtpm/swtpm_nvfile.c | 11 ++++++++++-
1 file changed, 10 insertions(+), 1 deletion(-)
diff --git a/src/swtpm/swtpm_nvfile.c b/src/swtpm/swtpm_nvfile.c
index dc7cfbf1..0efb9da8 100644
--- a/src/swtpm/swtpm_nvfile.c
+++ b/src/swtpm/swtpm_nvfile.c
@@ -1260,6 +1260,7 @@ SWTPM_NVRAM_CheckHeader(unsigned char *data, uint32_t length,
uint8_t *hdrversion, bool quiet)
{
blobheader *bh = (blobheader *)data;
+ uint16_t hdrsize;
if (length < sizeof(bh)) {
if (!quiet)
@@ -1285,8 +1286,16 @@ SWTPM_NVRAM_CheckHeader(unsigned char *data, uint32_t length,
return TPM_BAD_VERSION;
}
+ hdrsize = ntohs(bh->hdrsize);
+ if (hdrsize != sizeof(blobheader)) {
+ logprintf(STDERR_FILENO,
+ "bad header size: %u != %zu\n",
+ hdrsize, sizeof(blobheader));
+ return TPM_BAD_DATASIZE;
+ }
+
*hdrversion = bh->version;
- *dataoffset = ntohs(bh->hdrsize);
+ *dataoffset = hdrsize;
*hdrflags = ntohs(bh->flags);
return TPM_SUCCESS;

31
0001-swtpm_setup-Initialized-argv-in-get_swtpm_capabiliti.patch
View File

@ -1,31 +0,0 @@
From 72d9c031a01e567d4bb172ce4f33e97f5659b4f8 Mon Sep 17 00:00:00 2001
From: Michal Privoznik <mprivozn@redhat.com>
Date: Mon, 19 Dec 2022 09:27:57 +0100
Subject: [PATCH] swtpm_setup: Initialized @argv in get_swtpm_capabilities()
The compiler (though wrongly) identifies that the @argv variable
inside of get_swtpm_capabilities() function cam be used
uninitialized. While this is a spurious warning, it's common
practice to initialize g_autofree variables to NULL.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
---
src/swtpm_setup/swtpm_setup.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/swtpm_setup/swtpm_setup.c b/src/swtpm_setup/swtpm_setup.c
index 1b528c8..3570235 100644
--- a/src/swtpm_setup/swtpm_setup.c
+++ b/src/swtpm_setup/swtpm_setup.c
@@ -937,7 +937,7 @@ static int get_swtpm_capabilities(gchar **swtpm_prg_l, gboolean is_tpm2,
gchar *my_argv[] = { "--print-capabilities", is_tpm2 ? "--tpm2" : NULL, NULL };
g_autofree gchar *logop = NULL;
g_autoptr(GError) error = NULL;
- g_autofree gchar **argv;
+ g_autofree gchar **argv = NULL;
int exit_status = 0;
gboolean success;
int ret = 1;
--
2.41.0.windows.1

164
0002-swtpm-Write-state-files-atomically-using-file-renami.patch Normal file
View File

@ -0,0 +1,164 @@
From b3a5dde7f5a8874084f978ea698a749d858e769a Mon Sep 17 00:00:00 2001
From: Stefan Berger <stefanb@linux.vnet.ibm.com>
Date: Fri, 2 Oct 2020 16:29:18 -0400
Subject: [PATCH 1/5] swtpm: Write state files atomically using file renaming
To support writing state files atomically we first write into
a temporary file and then rename it.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
---
src/swtpm/swtpm_nvfile.c | 59 ++++++++++++++++++++++++++++++----------
1 file changed, 45 insertions(+), 14 deletions(-)
diff --git a/src/swtpm/swtpm_nvfile.c b/src/swtpm/swtpm_nvfile.c
index 6f3f937..3b928d0 100644
--- a/src/swtpm/swtpm_nvfile.c
+++ b/src/swtpm/swtpm_nvfile.c
@@ -132,7 +132,8 @@ static unsigned char *g_ivec;
static TPM_RESULT SWTPM_NVRAM_GetFilenameForName(char *filename,
size_t bufsize,
uint32_t tpm_number,
- const char *name);
+ const char *name,
+ bool is_tempfile);
static TPM_RESULT SWTPM_NVRAM_EncryptData(const encryptionkey *key,
tlv_data *td,
@@ -312,7 +313,7 @@ SWTPM_NVRAM_LoadData(unsigned char **data, /* freed by caller */
if (rc == 0) {
/* map name to the rooted filename */
rc = SWTPM_NVRAM_GetFilenameForName(filename, sizeof(filename),
- tpm_number, name);
+ tpm_number, name, false);
}
if (rc == 0) {
@@ -473,6 +474,7 @@ SWTPM_NVRAM_StoreData_Intern(const unsigned char *data,
uint32_t lrc;
int irc;
FILE *file = NULL;
+ char tmpfile[FILENAME_MAX]; /* rooted temporary file */
char filename[FILENAME_MAX]; /* rooted file name from name */
unsigned char *filedata = NULL;
uint32_t filedata_length = 0;
@@ -484,16 +486,24 @@ SWTPM_NVRAM_StoreData_Intern(const unsigned char *data,
if (rc == 0) {
/* map name to the rooted filename */
rc = SWTPM_NVRAM_GetFilenameForName(filename, sizeof(filename),
- tpm_number, name);
+ tpm_number, name, false);
}
+
+ if (rc == 0) {
+ /* map name to the rooted temporary file */
+ rc = SWTPM_NVRAM_GetFilenameForName(tmpfile, sizeof(tmpfile),
+ tpm_number, name, true);
+ }
+
+
if (rc == 0) {
/* open the file */
- TPM_DEBUG(" SWTPM_NVRAM_StoreData: Opening file %s\n", filename);
- file = fopen(filename, "wb"); /* closed @1 */
+ TPM_DEBUG(" SWTPM_NVRAM_StoreData: Opening file %s\n", tmpfile);
+ file = fopen(tmpfile, "wb"); /* closed @1 */
if (file == NULL) {
logprintf(STDERR_FILENO,
"SWTPM_NVRAM_StoreData: Error (fatal) opening %s for "
- "write failed, %s\n", filename, strerror(errno));
+ "write failed, %s\n", tmpfile, strerror(errno));
rc = TPM_FAIL;
}
}
@@ -502,7 +512,7 @@ SWTPM_NVRAM_StoreData_Intern(const unsigned char *data,
if (fchmod(fileno(file), tpmstate_get_mode()) < 0) {
logprintf(STDERR_FILENO,
"SWTPM_NVRAM_StoreData: Could not fchmod %s : %s\n",
- filename, strerror(errno));
+ tmpfile, strerror(errno));
rc = TPM_FAIL;
}
}
@@ -548,7 +558,7 @@ SWTPM_NVRAM_StoreData_Intern(const unsigned char *data,
}
}
if (file != NULL) {
- TPM_DEBUG(" SWTPM_NVRAM_StoreData: Closing file %s\n", filename);
+ TPM_DEBUG(" SWTPM_NVRAM_StoreData: Closing file %s\n", tmpfile);
irc = fclose(file); /* @1 */
if (irc != 0) {
logprintf(STDERR_FILENO,
@@ -556,12 +566,24 @@ SWTPM_NVRAM_StoreData_Intern(const unsigned char *data,
rc = TPM_FAIL;
}
else {
- TPM_DEBUG(" SWTPM_NVRAM_StoreData: Closed file %s\n", filename);
+ TPM_DEBUG(" SWTPM_NVRAM_StoreData: Closed file %s\n", tmpfile);
+ }
+ }
+
+ if (rc == 0 && file != NULL) {
+ irc = rename(tmpfile, filename);
+ if (irc != 0) {
+ logprintf(STDERR_FILENO,
+ "SWTPM_NVRAM_StoreData: Error (fatal) renaming file: %s\n",
+ strerror(errno));
+ rc = TPM_FAIL;
+ } else {
+ TPM_DEBUG(" SWTPM_NVRAM_StoreData: Renamed file to %s\n", filename);
}
}
if (rc != 0 && file != NULL) {
- unlink(filename);
+ unlink(tmpfile);
}
tlv_data_free(td, td_len);
@@ -585,12 +607,16 @@ TPM_RESULT SWTPM_NVRAM_StoreData(const unsigned char *data,
The filename is of the form:
state_directory/tpm_number.name
+
+ A temporary filename used to write to may be created. It shold be rename()'d to
+ the non-temporary filename.
*/
static TPM_RESULT SWTPM_NVRAM_GetFilenameForName(char *filename, /* output: rooted filename */
size_t bufsize,
uint32_t tpm_number,
- const char *name) /* input: abstract name */
+ const char *name, /* input: abstract name */
+ bool is_tempfile) /* input: is temporary file? */
{
TPM_RESULT res = TPM_SUCCESS;
int n;
@@ -606,8 +632,13 @@ static TPM_RESULT SWTPM_NVRAM_GetFilenameForName(char *filename, /* outpu
break;
}
- n = snprintf(filename, bufsize, "%s/tpm%s-%02lx.%s",
- state_directory, suffix, (unsigned long)tpm_number, name);
+ if (is_tempfile) {
+ n = snprintf(filename, bufsize, "%s/TMP%s-%02lx.%s",
+ state_directory, suffix, (unsigned long)tpm_number, name);
+ } else {
+ n = snprintf(filename, bufsize, "%s/tpm%s-%02lx.%s",
+ state_directory, suffix, (unsigned long)tpm_number, name);
+ }
if ((size_t)n > bufsize) {
res = TPM_FAIL;
}
@@ -638,7 +669,7 @@ TPM_RESULT SWTPM_NVRAM_DeleteName(uint32_t tpm_number,
TPM_DEBUG(" SWTPM_NVRAM_DeleteName: Name %s\n", name);
/* map name to the rooted filename */
rc = SWTPM_NVRAM_GetFilenameForName(filename, sizeof(filename),
- tpm_number, name);
+ tpm_number, name, false);
if (rc == 0) {
irc = remove(filename);
if ((irc != 0) && /* if the remove failed */
--
2.27.0

77
0003-swtpm_cert-Switch-to-open-from-fopen-for-writing-cer.patch Normal file
View File

@ -0,0 +1,77 @@
From ba12415fca1a3891a1386698eab09735a025d7ea Mon Sep 17 00:00:00 2001
From: Stefan Berger <stefanb@linux.vnet.ibm.com>
Date: Sun, 8 Nov 2020 21:40:35 -0500
Subject: [PATCH 2/5] swtpm_cert: Switch to open() from fopen() for writing
certificate
Switch to open from fopen() and make sure we do not follow symlinks.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
---
src/swtpm_cert/ek-cert.c | 18 ++++++++++--------
1 file changed, 10 insertions(+), 8 deletions(-)
diff --git a/src/swtpm_cert/ek-cert.c b/src/swtpm_cert/ek-cert.c
index 651d60f..0e0b4b1 100644
--- a/src/swtpm_cert/ek-cert.c
+++ b/src/swtpm_cert/ek-cert.c
@@ -51,6 +51,7 @@
#include <unistd.h>
#include <fcntl.h>
#include <getopt.h>
+#include <sys/stat.h>
#include <arpa/inet.h>
@@ -995,7 +996,7 @@ main(int argc, char *argv[])
unsigned long long serial = 1;
time_t now;
int err;
- FILE *cert_file;
+ int cert_file_fd;
const char *subject = NULL;
const char *error = NULL;
int days = 365;
@@ -1675,8 +1676,9 @@ if (_err != GNUTLS_E_SUCCESS) { \
? GNUTLS_X509_FMT_PEM
: GNUTLS_X509_FMT_DER, &out);
if (cert_filename) {
- cert_file = fopen(cert_filename, "wb");
- if (cert_file == NULL) {
+ cert_file_fd = open(cert_filename, O_WRONLY|O_CREAT|O_TRUNC|O_NOFOLLOW,
+ S_IRUSR|S_IWUSR);
+ if (cert_file_fd < 0) {
fprintf(stderr, "Could not open %s for writing the certificate: %s\n",
cert_filename,
strerror(errno));
@@ -1691,22 +1693,22 @@ if (_err != GNUTLS_E_SUCCESS) { \
},
.tag = htobe16(TCG_TAG_PCCLIENT_FULL_CERT),
};
- if (sizeof(hdr) != fwrite(&hdr, 1, sizeof(hdr), cert_file)) {
+ if (sizeof(hdr) != write(cert_file_fd, &hdr, sizeof(hdr))) {
fprintf(stderr, "Could not write certificate header: %s\n",
strerror(errno));
- fclose(cert_file);
+ close(cert_file_fd);
unlink(cert_filename);
goto cleanup;
}
}
- if (out.size != fwrite(out.data, 1, out.size, cert_file)) {
+ if ((ssize_t)out.size != write(cert_file_fd, out.data, out.size)) {
fprintf(stderr, "Could not write certificate into file: %s\n",
strerror(errno));
- fclose(cert_file);
+ close(cert_file_fd);
unlink(cert_filename);
goto cleanup;
}
- fclose(cert_file);
+ close(cert_file_fd);
} else {
fprintf(stdout, "%s\n", out.data);
}
--
2.27.0

32
0004-swtpm-Do-not-follow-symlinks-when-opening-lockfile-C.patch Normal file
View File

@ -0,0 +1,32 @@
From 15a0b58ca43ccbae26d1a1e7718d7d8bd2c2add2 Mon Sep 17 00:00:00 2001
From: Stefan Berger <stefanb@linux.vnet.ibm.com>
Date: Sun, 8 Nov 2020 21:45:40 -0500
Subject: [PATCH 3/5] swtpm: Do not follow symlinks when opening lockfile
(CVE-2020-28407)
This patch addresses CVE-2020-28407.
Prevent us from following symliks when we open the lockfile
for writing.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
---
src/swtpm/swtpm_nvfile.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/swtpm/swtpm_nvfile.c b/src/swtpm/swtpm_nvfile.c
index 3b928d0..8a6621b 100644
--- a/src/swtpm/swtpm_nvfile.c
+++ b/src/swtpm/swtpm_nvfile.c
@@ -210,7 +210,7 @@ static TPM_RESULT SWTPM_NVRAM_Lock_Lockfile(const char *directory,
return TPM_FAIL;
}
- *fd = open(lockfile, O_WRONLY|O_CREAT|O_TRUNC, 0660);
+ *fd = open(lockfile, O_WRONLY|O_CREAT|O_TRUNC|O_NOFOLLOW, 0660);
if (*fd < 0) {
logprintf(STDERR_FILENO,
"SWTPM_NVRAM_Lock_Lockfile: Could not open lockfile: %s\n",
--
2.27.0

103
0005-swtpm-Switch-to-open-from-fopen-for-the-pidfile-CVE-.patch Normal file
View File

@ -0,0 +1,103 @@
From 934603eb6adb2d646364132bbac7bdb30ccb97bf Mon Sep 17 00:00:00 2001
From: Stefan Berger <stefanb@linux.vnet.ibm.com>
Date: Sun, 8 Nov 2020 22:21:23 -0500
Subject: [PATCH 4/5] swtpm: Switch to open() from fopen() for the pidfile
(CVE-2020-28407)
This patch addresses CVE-2020-28407.
Use the open() call rather than the fopen() call when creating a pidfile.
Also prevent us from following symbolic links when opening the pidfile for
writing.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
---
src/swtpm/pidfile.c | 41 ++++++++++++++++++++++++++---------------
1 file changed, 26 insertions(+), 15 deletions(-)
diff --git a/src/swtpm/pidfile.c b/src/swtpm/pidfile.c
index f9d18ad..afca5b0 100644
--- a/src/swtpm/pidfile.c
+++ b/src/swtpm/pidfile.c
@@ -37,11 +37,13 @@
#include "config.h"
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <fcntl.h>
#include <string.h>
#include <stdlib.h>
#include <stdio.h>
#include <errno.h>
-#include <unistd.h>
#include "pidfile.h"
#include "logging.h"
@@ -77,40 +79,49 @@ int pidfile_set_fd(int newpidfilefd)
*/
int pidfile_write(pid_t pid)
{
- FILE *f;
+ int fd;
+ char buffer[32];
+ ssize_t nwritten;
if (g_pidfile) {
- f = fopen(g_pidfile, "w+");
+ fd = open(g_pidfile, O_WRONLY|O_CREAT|O_TRUNC|O_NOFOLLOW,
+ S_IRUSR|S_IWUSR|S_IRGRP|S_IROTH);
} else if (pidfilefd >= 0) {
- f = fdopen(pidfilefd, "w");
- if (f) {
- g_pidfile = fd_to_filename(pidfilefd);
- if (!g_pidfile)
- goto error;
- }
+ fd = pidfilefd;
+ g_pidfile = fd_to_filename(pidfilefd);
+ if (!g_pidfile)
+ goto error;
} else {
return 0;
}
- if (!f) {
+ if (fd < 0) {
logprintf(STDERR_FILENO, "Could not open pidfile %s : %s\n",
g_pidfile, strerror(errno));
goto error;
}
- if (fprintf(f, "%d", pid) < 0) {
+ if (snprintf(buffer, sizeof(buffer), "%d", pid) >= (int)sizeof(buffer)) {
+ logprintf(STDERR_FILENO, "Could not write pid to buffer\n");
+ goto error_close;
+ }
+
+ nwritten = write_full(fd, buffer, strlen(buffer));
+ if (nwritten < 0 || nwritten != (ssize_t)strlen(buffer)) {
logprintf(STDERR_FILENO, "Could not write to pidfile : %s\n",
strerror(errno));
- goto error;
+ goto error_close;
}
- fclose(f);
+ close(fd);
return 0;
+error_close:
+ if (fd != pidfilefd)
+ close(fd);
+
error:
- if (f)
- fclose(f);
return -1;
}
--
2.27.0

211
0006-swtpm-Use-open-not-fopen-when-accessing-statefile-CV.patch Normal file
View File

@ -0,0 +1,211 @@
From 44eacbca5bdb4baba226551a60a4e2e474b491cc Mon Sep 17 00:00:00 2001
From: Stefan Berger <stefanb@linux.vnet.ibm.com>
Date: Sun, 8 Nov 2020 21:41:54 -0500
Subject: [PATCH 5/5] swtpm: Use open() (not fopen()) when accessing statefile
(CVE-2020-28407)
This patch addresses CVE-2020-28407.
Use the open() call rather than the fopen() call when accessing
the statefile and make sure we do not follow symlinks using O_NOFOLLOW.
The modification does not allow an attacker to create a symbolic link
with the name of the temporary file (TMP2-00.permall for TPM 2) and
have this point to a valueable file and swtpm ends up overwriting the
file. The success of the attack depends on the attacker having access
to the TPM's state directory (--tpmstate dir=...).
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
---
src/swtpm/swtpm_nvfile.c | 67 +++++++++++++---------------------------
1 file changed, 21 insertions(+), 46 deletions(-)
diff --git a/src/swtpm/swtpm_nvfile.c b/src/swtpm/swtpm_nvfile.c
index 8a6621b..12f10b9 100644
--- a/src/swtpm/swtpm_nvfile.c
+++ b/src/swtpm/swtpm_nvfile.c
@@ -88,6 +88,7 @@
#include "tpmstate.h"
#include "tpmlib.h"
#include "tlv.h"
+#include "utils.h"
/* local structures */
typedef struct {
@@ -295,16 +296,16 @@ SWTPM_NVRAM_LoadData(unsigned char **data, /* freed by caller */
const char *name)
{
TPM_RESULT rc = 0;
- long lrc;
size_t src;
int irc;
- FILE *file = NULL;
+ int fd = -1;
char filename[FILENAME_MAX]; /* rooted file name from name */
unsigned char *decrypt_data = NULL;
uint32_t decrypt_length;
uint32_t dataoffset = 0;
uint8_t hdrversion = 0;
uint16_t hdrflags;
+ struct stat statbuf;
TPM_DEBUG(" SWTPM_NVRAM_LoadData: From file %s\n", name);
*data = NULL;
@@ -318,8 +319,8 @@ SWTPM_NVRAM_LoadData(unsigned char **data, /* freed by caller */
if (rc == 0) {
TPM_DEBUG(" SWTPM_NVRAM_LoadData: Opening file %s\n", filename);
- file = fopen(filename, "rb"); /* closed @1 */
- if (file == NULL) { /* if failure, determine cause */
+ fd = open(filename, O_RDONLY); /* closed @1 */
+ if (fd < 0) { /* if failure, determine cause */
if (errno == ENOENT) {
TPM_DEBUG("SWTPM_NVRAM_LoadData: No such file %s\n",
filename);
@@ -335,7 +336,7 @@ SWTPM_NVRAM_LoadData(unsigned char **data, /* freed by caller */
}
if (rc == 0) {
- if (fchmod(fileno(file), tpmstate_get_mode()) < 0) {
+ if (fchmod(fd, tpmstate_get_mode()) < 0) {
logprintf(STDERR_FILENO,
"SWTPM_NVRAM_LoadData: Could not fchmod %s : %s\n",
filename, strerror(errno));
@@ -345,34 +346,16 @@ SWTPM_NVRAM_LoadData(unsigned char **data, /* freed by caller */
/* determine the file length */
if (rc == 0) {
- irc = fseek(file, 0L, SEEK_END); /* seek to end of file */
+ irc = fstat(fd, &statbuf);
if (irc == -1L) {
logprintf(STDERR_FILENO,
- "SWTPM_NVRAM_LoadData: Error (fatal) fseek'ing %s, %s\n",
+ "SWTPM_NVRAM_LoadData: Error (fatal) fstat'ing %s, %s\n",
filename, strerror(errno));
rc = TPM_FAIL;
}
}
if (rc == 0) {
- lrc = ftell(file); /* get position in the stream */
- if (lrc == -1L) {
- logprintf(STDERR_FILENO,
- "SWTPM_NVRAM_LoadData: Error (fatal) ftell'ing %s, %s\n",
- filename, strerror(errno));
- rc = TPM_FAIL;
- }
- else {
- *length = (uint32_t)lrc; /* save the length */
- }
- }
- if (rc == 0) {
- irc = fseek(file, 0L, SEEK_SET); /* seek back to the beginning of the file */
- if (irc == -1L) {
- logprintf(STDERR_FILENO,
- "SWTPM_NVRAM_LoadData: Error (fatal) fseek'ing %s, %s\n",
- filename, strerror(errno));
- rc = TPM_FAIL;
- }
+ *length = statbuf.st_size; /* save the length */
}
/* allocate a buffer for the actual data */
if ((rc == 0) && *length != 0) {
@@ -387,7 +370,7 @@ SWTPM_NVRAM_LoadData(unsigned char **data, /* freed by caller */
}
/* read the contents of the file into the data buffer */
if ((rc == 0) && *length != 0) {
- src = fread(*data, 1, *length, file);
+ src = read(fd, *data, *length);
if (src != *length) {
logprintf(STDERR_FILENO,
"SWTPM_NVRAM_LoadData: Error (fatal), data read of %u "
@@ -396,9 +379,9 @@ SWTPM_NVRAM_LoadData(unsigned char **data, /* freed by caller */
}
}
/* close the file */
- if (file != NULL) {
+ if (fd >= 0) {
TPM_DEBUG(" SWTPM_NVRAM_LoadData: Closing file %s\n", filename);
- irc = fclose(file); /* @1 */
+ irc = close(fd); /* @1 */
if (irc != 0) {
logprintf(STDERR_FILENO,
"SWTPM_NVRAM_LoadData: Error (fatal) closing file %s\n",
@@ -473,7 +456,7 @@ SWTPM_NVRAM_StoreData_Intern(const unsigned char *data,
TPM_RESULT rc = 0;
uint32_t lrc;
int irc;
- FILE *file = NULL;
+ int fd = -1;
char tmpfile[FILENAME_MAX]; /* rooted temporary file */
char filename[FILENAME_MAX]; /* rooted file name from name */
unsigned char *filedata = NULL;
@@ -499,8 +482,9 @@ SWTPM_NVRAM_StoreData_Intern(const unsigned char *data,
if (rc == 0) {
/* open the file */
TPM_DEBUG(" SWTPM_NVRAM_StoreData: Opening file %s\n", tmpfile);
- file = fopen(tmpfile, "wb"); /* closed @1 */
- if (file == NULL) {
+ fd = open(tmpfile, O_WRONLY|O_CREAT|O_TRUNC|O_NOFOLLOW,
+ tpmstate_get_mode()); /* closed @1 */
+ if (fd < 0) {
logprintf(STDERR_FILENO,
"SWTPM_NVRAM_StoreData: Error (fatal) opening %s for "
"write failed, %s\n", tmpfile, strerror(errno));
@@ -508,15 +492,6 @@ SWTPM_NVRAM_StoreData_Intern(const unsigned char *data,
}
}
- if (rc == 0) {
- if (fchmod(fileno(file), tpmstate_get_mode()) < 0) {
- logprintf(STDERR_FILENO,
- "SWTPM_NVRAM_StoreData: Could not fchmod %s : %s\n",
- tmpfile, strerror(errno));
- rc = TPM_FAIL;
- }
- }
-
if (rc == 0) {
if (encrypt && SWTPM_NVRAM_Has_FileKey()) {
td_len = 3;
@@ -549,7 +524,7 @@ SWTPM_NVRAM_StoreData_Intern(const unsigned char *data,
/* write the data to the file */
if (rc == 0) {
TPM_DEBUG(" SWTPM_NVRAM_StoreData: Writing %u bytes of data\n", length);
- lrc = fwrite(filedata, 1, filedata_length, file);
+ lrc = write_full(fd, filedata, filedata_length);
if (lrc != filedata_length) {
logprintf(STDERR_FILENO,
"TPM_NVRAM_StoreData: Error (fatal), data write "
@@ -557,9 +532,9 @@ SWTPM_NVRAM_StoreData_Intern(const unsigned char *data,
rc = TPM_FAIL;
}
}
- if (file != NULL) {
+ if (fd >= 0) {
TPM_DEBUG(" SWTPM_NVRAM_StoreData: Closing file %s\n", tmpfile);
- irc = fclose(file); /* @1 */
+ irc = close(fd); /* @1 */
if (irc != 0) {
logprintf(STDERR_FILENO,
"SWTPM_NVRAM_StoreData: Error (fatal) closing file\n");
@@ -570,7 +545,7 @@ SWTPM_NVRAM_StoreData_Intern(const unsigned char *data,
}
}
- if (rc == 0 && file != NULL) {
+ if (rc == 0 && fd >= 0) {
irc = rename(tmpfile, filename);
if (irc != 0) {
logprintf(STDERR_FILENO,
@@ -582,7 +557,7 @@ SWTPM_NVRAM_StoreData_Intern(const unsigned char *data,
}
}
- if (rc != 0 && file != NULL) {
+ if (rc != 0 && fd >= 0) {
unlink(tmpfile);
}
--
2.27.0

BIN
swtpm-0.8.0.tar.gz
View File

Binary file not shown.

BIN
swtpm-091be80.tar.gz Normal file
View File

Binary file not shown.

66
swtpm.spec
View File

@ -1,5 +1,9 @@
%bcond_without gnutls %bcond_without gnutls
%global gitdate 20200710
%global gitcommit 091be8054b5863ff86c5efcb072dcdd45e3696d1
%global gitshortcommit %(c=%{gitcommit}; echo ${c:0:7})
# Macros needed by SELinux # Macros needed by SELinux
%global selinuxtype targeted %global selinuxtype targeted
%global moduletype contrib %global moduletype contrib
@ -7,26 +11,33 @@
Summary: TPM Emulator Summary: TPM Emulator
Name: swtpm Name: swtpm
Version: 0.8.0 Version: 0.3.3
Release: 3 Release: 6
License: BSD License: BSD
Url: https://github.com/stefanberger/swtpm Url: http://github.com/stefanberger/swtpm
Source0: %{url}/archive/v%{version}/%{name}-%{version}.tar.gz Source0: %{url}/archive/%{gitcommit}/%{name}-%{gitshortcommit}.tar.gz
Patch00: 0000-disable-test_tpm2_swtpm_localca_pkcs11.test.patch Patch00: 0000-rename-deprecated-libtasn1-types-to-fix-build-error.patch
Patch01: 0001-swtpm_setup-Initialized-argv-in-get_swtpm_capabiliti.patch Patch01: 0001-swtpm-Check-header-size-indicator-against-expected-s.patch
Patch02: 0002-swtpm-Write-state-files-atomically-using-file-renami.patch
Patch03: 0003-swtpm_cert-Switch-to-open-from-fopen-for-writing-cer.patch
Patch04: 0004-swtpm-Do-not-follow-symlinks-when-opening-lockfile-C.patch
Patch05: 0005-swtpm-Switch-to-open-from-fopen-for-the-pidfile-CVE-.patch
Patch06: 0006-swtpm-Use-open-not-fopen-when-accessing-statefile-CV.patch
BuildRequires: automake BuildRequires: automake
BuildRequires: autoconf BuildRequires: autoconf
BuildRequires: libtool BuildRequires: libtool
BuildRequires: libtpms-devel >= 0.6.0 BuildRequires: libtpms-devel >= 0.6.0
BuildRequires: glib2-devel BuildRequires: glib2-devel
BuildRequires: json-glib-devel BuildRequires: gmp-devel
BuildRequires: expect BuildRequires: expect
BuildRequires: net-tools BuildRequires: net-tools
BuildRequires: openssl-devel BuildRequires: openssl-devel
BuildRequires: socat BuildRequires: socat
BuildRequires: python3
BuildRequires: softhsm BuildRequires: softhsm
BuildRequires: trousers >= 0.3.9 BuildRequires: trousers >= 0.3.9
BuildRequires: tpm-tools >= 1.3.8-6
%if %{with gnutls} %if %{with gnutls}
BuildRequires: gnutls >= 3.1.0 BuildRequires: gnutls >= 3.1.0
BuildRequires: gnutls-devel BuildRequires: gnutls-devel
@ -37,8 +48,6 @@ BuildRequires: libtasn1
BuildRequires: selinux-policy-devel BuildRequires: selinux-policy-devel
BuildRequires: gcc BuildRequires: gcc
BuildRequires: libseccomp-devel BuildRequires: libseccomp-devel
BuildRequires: tpm2-tools
BuildRequires: chrpath
Requires: %{name}-libs = %{version}-%{release} Requires: %{name}-libs = %{version}-%{release}
Requires: libtpms >= 0.6.0 Requires: libtpms >= 0.6.0
@ -66,13 +75,13 @@ Include files for the TPM emulator's CUSE interface.
Summary: Tools for the TPM emulator Summary: Tools for the TPM emulator
License: BSD License: BSD
Requires: swtpm = %{version}-%{release} Requires: swtpm = %{version}-%{release}
Requires: trousers >= 0.3.9 bash gnutls-utils Requires: trousers >= 0.3.9 tpm-tools >= 1.3.8-6 expect bash net-tools gnutls-utils
%description tools %description tools
Tools for the TPM emulator from the swtpm package Tools for the TPM emulator from the swtpm package
%prep %prep
%autosetup -n %{name}-%{version} -p1 %autosetup -n %{name}-%{gitcommit} -p1
%selinux_relabel_pre -s %{selinuxtype} %selinux_relabel_pre -s %{selinuxtype}
%build %build
@ -96,18 +105,12 @@ rm -f $RPM_BUILD_ROOT%{_libdir}/%{name}/*.{a,la,so}
rm -f $RPM_BUILD_ROOT%{_mandir}/man8/swtpm-create-tpmca.8* rm -f $RPM_BUILD_ROOT%{_mandir}/man8/swtpm-create-tpmca.8*
rm -f $RPM_BUILD_ROOT%{_datadir}/%{name}/swtpm-create-tpmca rm -f $RPM_BUILD_ROOT%{_datadir}/%{name}/swtpm-create-tpmca
chrpath -d %{buildroot}/%{_bindir}/swtpm
mkdir -p %{buildroot}/etc/ld.so.conf.d
echo "%{_libdir}/%{name}" > %{buildroot}/etc/ld.so.conf.d/%{name}-%{_arch}.conf
%post %post
for pp in /usr/share/selinux/packages/swtpm.pp \ for pp in /usr/share/selinux/packages/swtpm.pp \
/usr/share/selinux/packages/swtpm_svirt.pp; do /usr/share/selinux/packages/swtpm_svirt.pp; do
%selinux_modules_install -s %{selinuxtype} ${pp} %selinux_modules_install -s %{selinuxtype} ${pp}
done done
/sbin/ldconfig
%postun %postun
if [ $1 -eq 0 ]; then if [ $1 -eq 0 ]; then
for p in swtpm swtpm_svirt; do for p in swtpm swtpm_svirt; do
@ -121,8 +124,6 @@ fi
%ldconfig_post libs %ldconfig_post libs
%ldconfig_postun libs %ldconfig_postun libs
/sbin/ldconfig
%files %files
%license LICENSE %license LICENSE
%doc README %doc README
@ -130,7 +131,6 @@ fi
%{_mandir}/man8/swtpm.8* %{_mandir}/man8/swtpm.8*
%{_datadir}/selinux/packages/swtpm.pp %{_datadir}/selinux/packages/swtpm.pp
%{_datadir}/selinux/packages/swtpm_svirt.pp %{_datadir}/selinux/packages/swtpm_svirt.pp
%config(noreplace) /etc/ld.so.conf.d/*
%files libs %files libs
%license LICENSE %license LICENSE
@ -152,39 +152,25 @@ fi
%{_bindir}/swtpm_cert %{_bindir}/swtpm_cert
%endif %endif
%{_bindir}/swtpm_setup %{_bindir}/swtpm_setup
%{_bindir}/swtpm_setup.sh
%{_bindir}/swtpm_ioctl %{_bindir}/swtpm_ioctl
%{_bindir}/swtpm_localca
%{_mandir}/man8/swtpm_bios.8* %{_mandir}/man8/swtpm_bios.8*
%{_mandir}/man8/swtpm_cert.8* %{_mandir}/man8/swtpm_cert.8*
%{_mandir}/man8/swtpm_cuse.8*
%{_mandir}/man8/swtpm_ioctl.8* %{_mandir}/man8/swtpm_ioctl.8*
%{_mandir}/man5/swtpm-localca.conf.5* %{_mandir}/man8/swtpm-localca.conf.8*
%{_mandir}/man5/swtpm-localca.options.5* %{_mandir}/man8/swtpm-localca.options.8*
%{_mandir}/man8/swtpm-localca.8* %{_mandir}/man8/swtpm-localca.8*
%{_mandir}/man8/swtpm_localca.8*
%{_mandir}/man8/swtpm_setup.8* %{_mandir}/man8/swtpm_setup.8*
%{_mandir}/man5/swtpm_setup.conf.5* %{_mandir}/man8/swtpm_setup.conf.8*
%{_mandir}/man8/swtpm_setup.sh.8*
%config(noreplace) %{_sysconfdir}/swtpm_setup.conf %config(noreplace) %{_sysconfdir}/swtpm_setup.conf
%config(noreplace) %{_sysconfdir}/swtpm-localca.options %config(noreplace) %{_sysconfdir}/swtpm-localca.options
%config(noreplace) %{_sysconfdir}/swtpm-localca.conf %config(noreplace) %{_sysconfdir}/swtpm-localca.conf
%dir %{_datadir}/swtpm %dir %{_datadir}/swtpm
%{_datadir}/swtpm/swtpm-localca %{_datadir}/swtpm/swtpm-localca
%{_datadir}/swtpm/swtpm-create-user-config-files %attr( 755, tss, tss) %{_localstatedir}/lib/swtpm-localca
%attr( 750, tss, root) %{_localstatedir}/lib/swtpm-localca
%changelog %changelog
* Mon Aug 28 2023 Jiabo Feng <fengjiabo1@huawei.com> - 0.8.0-3
- swtpm_setup: Initialized @argv in get_swtpm_capabilities()
* Tue Mar 07 2023 jiangfangjie <jiangfangjie@huawei.com> - 0.8.0-2
- Remove rpath
* Fri Feb 03 2023 yezengruan <yezengruan@huawei.com> - 0.8.0-1
- update to version 0.8.0
* Wed Nov 23 2022 yezengruan <yezengruan@huawei.com> - 0.3.3-7
- Update the source package to be consistent with the download link
* Thu Jun 30 2022 yezengruan <yezengruan@huawei.com> - 0.3.3-6 * Thu Jun 30 2022 yezengruan <yezengruan@huawei.com> - 0.3.3-6
- Addressed potential symlink attack issue (CVE-2020-28407) - Addressed potential symlink attack issue (CVE-2020-28407)