fix CVE-2020-24455

Hugel 2021-01-14 16:37:39 +08:00
parent b4c9e4e013
commit 690b78d735
2 changed files with 39 additions and 1 deletions


@ -0,0 +1,30 @@
From ac935ca8bcb5227a599284799917c9c04c26e3ee Mon Sep 17 00:00:00 2001
From: Juergen Repp <juergen.repp@sit.fraunhofer.de>
Date: Fri, 21 Aug 2020 17:55:16 +0200
Subject: [PATCH] FAPI: Fix execution of policy callback for reading PCR
registers.
For Policy PCR current PCR registers of the TPM registers can be used to compute
the policy digest. The counter in the computed PCR list was not set. Thus a empty
PCR list was used for the policy digest computation.
Signed-off-by: Juergen Repp <juergen.repp@sit.fraunhofer.de>
---
src/tss2-fapi/ifapi_policy_callbacks.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/src/tss2-fapi/ifapi_policy_callbacks.c b/src/tss2-fapi/ifapi_policy_callbacks.c
index c0600ae..887a2c3 100644
--- a/src/tss2-fapi/ifapi_policy_callbacks.c
+++ b/src/tss2-fapi/ifapi_policy_callbacks.c
@@ -364,6 +364,7 @@ ifapi_read_pcr(
/* Initialize digest list with pcr values from TPM */
i_pcr = 0;
+ (*pcr_values)->count = pcr_digests->count;
for (i = 0; i < out_selection->count; i++) {
for (pcr = 0; pcr < TPM2_MAX_PCRS; pcr++) {
uint8_t byte_idx = pcr / 8;
--
1.8.3.1
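Review bot: In ifapi_read_pcr, the added assignment (*pcr_values)->count = pcr_digests->count; takes the count from pcr_digests before the loops that start at i_pcr = 0 run, and the visible context shows no check that the number of entries written matches that count or stays within the capacity of *pcr_values. Consider verifying after the loops that i_pcr equals the count that was set (or setting count from i_pcr once the loops finish), and return an error on mismatch. The patch message says an empty PCR list was previously used for the policy digest computation, so a regression test that computes a PolicyPCR digest from the current TPM PCR values and confirms the list is non-empty would keep this from recurring.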


@ -1,11 +1,13 @@
Name: tpm2-tss Name: tpm2-tss
Version: 2.4.1 Version: 2.4.1
Release: 1 Release: 2
Summary: TPM2.0 Software Stack Summary: TPM2.0 Software Stack
License: BSD and TCGL License: BSD and TCGL
URL: https://github.com/tpm2-software/tpm2-tss URL: https://github.com/tpm2-software/tpm2-tss
Source0: https://github.com/tpm2-software/tpm2-tss/releases/download/%{version}/%{name}-%{version}.tar.gz Source0: https://github.com/tpm2-software/tpm2-tss/releases/download/%{version}/%{name}-%{version}.tar.gz
Patch0: backport-CVE-2020-24455-FAPI-Fix-execution-of-policy-callback-for-reading-PC.patch
BuildRequires: gcc-c++ autoconf-archive libtool pkgconfig systemd libgcrypt-devel openssl-devel doxygen BuildRequires: gcc-c++ autoconf-archive libtool pkgconfig systemd libgcrypt-devel openssl-devel doxygen
%description %description
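Review bot: Patch0 is declared after Source0, but the commit summary (39 additions, 1 deletion across the two files) leaves no room for a %prep change, so whether the fix is actually applied depends on what %prep already does. Please confirm that %prep uses %autosetup -p1 or an equivalent that applies all patches, or add an explicit %patch0 -p1; otherwise the package ships with the patch file listed but the count assignment never compiled in. The Release bump from 1 to 2 is consistent with the new changelog entry.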
@ -65,6 +67,12 @@ make check
%{_mandir}/man*/* %{_mandir}/man*/*
%changelog %changelog
* Thu Jan 14 2021 Hugel<gengqihu1@huawei.com> - 2.4.1-2
- Type:CVE
- ID:NA
- SUG:NA
- DESC: fix CVE-2020-24455
* Wed Jul 29 2020 yang_zhuang_zhuang <yangzhuangzhuang1@huawei.com> - 2.4.1-1 * Wed Jul 29 2020 yang_zhuang_zhuang <yangzhuangzhuang1@huawei.com> - 2.4.1-1
- Type:enhancement - Type:enhancement
- ID:NA - ID:NA
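Review bot: The new changelog entry sets Type:CVE but leaves ID:NA, while DESC names CVE-2020-24455; put the identifier in the ID field so tooling that keys on ID can find the fix. The author line Hugel<gengqihu1@huawei.com> is also missing the space between name and address that the previous entry has, which some changelog parsers are strict about.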