!9 master: Fix CVE-2020-24455

From: @hugel Reviewed-by: @zhujianwei001 Signed-off-by: @zhujianwei001
2021-01-14 19:21:06 +08:00 · 2021-01-14 19:21:06 +08:00 · 33ce8cb1a8
commit 33ce8cb1a8
parent b4c9e4e013 690b78d735
2 changed files with 39 additions and 1 deletions
--- a/backport-CVE-2020-24455-FAPI-Fix-execution-of-policy-callback-for-reading-PC.patch
+++ b/backport-CVE-2020-24455-FAPI-Fix-execution-of-policy-callback-for-reading-PC.patch
@ -0,0 +1,30 @@
+From ac935ca8bcb5227a599284799917c9c04c26e3ee Mon Sep 17 00:00:00 2001
+From: Juergen Repp <juergen.repp@sit.fraunhofer.de>
+Date: Fri, 21 Aug 2020 17:55:16 +0200
+Subject: [PATCH] FAPI: Fix execution of policy callback for reading PCR
+ registers.
+
+For Policy PCR current PCR registers of the TPM registers can be used to compute
+the policy digest. The counter in the computed PCR list was not set. Thus a empty
+PCR list was used for the policy digest computation.
+
+Signed-off-by: Juergen Repp <juergen.repp@sit.fraunhofer.de>
+---
+ src/tss2-fapi/ifapi_policy_callbacks.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/src/tss2-fapi/ifapi_policy_callbacks.c b/src/tss2-fapi/ifapi_policy_callbacks.c
+index c0600ae..887a2c3 100644
+--- a/src/tss2-fapi/ifapi_policy_callbacks.c
+++ b/src/tss2-fapi/ifapi_policy_callbacks.c
+@@ -364,6 +364,7 @@ ifapi_read_pcr(
+ 
+         /* Initialize digest list with pcr values from TPM */
+         i_pcr = 0;
+        (*pcr_values)->count = pcr_digests->count;
+         for (i = 0; i < out_selection->count; i++) {
+             for (pcr = 0; pcr < TPM2_MAX_PCRS; pcr++) {
+                 uint8_t byte_idx = pcr / 8;
+-- 
+1.8.3.1
+
--- a/tpm2-tss.spec
+++ b/tpm2-tss.spec
@ -1,11 +1,13 @@
 Name:          tpm2-tss
 Version:       2.4.1
-Release:       1
+Release:       2
 Summary:       TPM2.0 Software Stack
 License:       BSD and TCGL
 URL:           https://github.com/tpm2-software/tpm2-tss
 Source0:       https://github.com/tpm2-software/tpm2-tss/releases/download/%{version}/%{name}-%{version}.tar.gz

+Patch0:        backport-CVE-2020-24455-FAPI-Fix-execution-of-policy-callback-for-reading-PC.patch
+
 BuildRequires: gcc-c++ autoconf-archive libtool pkgconfig systemd libgcrypt-devel openssl-devel doxygen

 %description
@ -65,6 +67,12 @@ make check
 %{_mandir}/man*/*

 %changelog
+* Thu Jan 14 2021 Hugel<gengqihu1@huawei.com> - 2.4.1-2
+- Type:CVE
+- ID:NA
+- SUG:NA
+- DESC: fix CVE-2020-24455
+
 * Wed Jul 29 2020 yang_zhuang_zhuang <yangzhuangzhuang1@huawei.com> - 2.4.1-1
 - Type:enhancement
 - ID:NA