(RHEL-56793) repart: avoid use of uninitialized TPM2B_PUBLIC data #298

Open
wants to merge 1 commit into
base: main

dtardon (Member) commented Sep 10, 2024

The 'TPM2B public' struct is only initialized if the public key is non-NULL, however, it is unconditionally passed to tpm2_calculate_sealing_policy, resulting in use of uninitialized data. If the uninitialized data is lucky enough to be all zeroes, this eventually results in an error message from tpm2_calculate_name about an unsupported nameAlg field value.

Signed-off-by: Daniel P. Berrangé [email protected]
(cherry picked from commit a3ad5c3)

Resolves: RHEL-56793
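
The caller shape described in the commit message above, as an added example that is not part of the pull request or of systemd's code: `pub_area`, `calc_name`, `calc_policy`, `fill_from_key`, `seal_buggy` and `seal_fixed` are hypothetical stand-ins, and the `garbage` parameter deterministically simulates leftover stack bytes so the effect can be observed without undefined behaviour. The corrected variant shows one conventional fix (zero-initialize and pass NULL when there is no key), assumed here rather than taken from the commit.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical stand-ins, not systemd's or tpm2-tss's real types or functions. */
#define ALG_SHA256 0x000B   /* value of TPM_ALG_SHA256 in the TPM 2.0 specification */

typedef struct { uint16_t size; uint16_t name_alg; uint8_t key[32]; } pub_area;

/* Models the name calculation: rejects any nameAlg it does not know. */
static int calc_name(const pub_area *p) {
    return p->name_alg == ALG_SHA256 ? 0 : -EOPNOTSUPP;
}

/* Models the policy calculation: the public area is optional, NULL means "no key". */
static int calc_policy(const pub_area *p) {
    return p ? calc_name(p) : 0;
}

/* Stands in for converting a parsed public key into the struct. */
static void fill_from_key(pub_area *p, const uint8_t *key, size_t n) {
    memset(p, 0, sizeof *p);
    p->size = (uint16_t) sizeof *p;
    p->name_alg = ALG_SHA256;
    memcpy(p->key, key, n < sizeof p->key ? n : sizeof p->key);
}

/* Buggy shape: the struct is filled only when a key exists, but is always passed. */
int seal_buggy(const uint8_t *key, size_t n, uint8_t garbage) {
    pub_area pub;
    memset(&pub, garbage, sizeof pub);   /* simulation of uninitialized storage */
    if (key)
        fill_from_key(&pub, key, n);
    return calc_policy(&pub);            /* unconditional: reads garbage if !key */
}

/* Corrected shape: zero-initialize, and pass NULL when there is no key. */
int seal_fixed(const uint8_t *key, size_t n) {
    pub_area pub = {0};
    if (key)
        fill_from_key(&pub, key, n);
    return calc_policy(key ? &pub : NULL);
}

int main(void) {
    /* No key: the buggy path fails on all-zero garbage, the fixed path succeeds. */
    return (seal_buggy(NULL, 0, 0x00) == -EOPNOTSUPP && seal_fixed(NULL, 0) == 0) ? 0 : 1;
}
```

Building real code with `-Wmaybe-uninitialized` or running it under MemorySanitizer or Valgrind reports this class of read where the simulation here uses an explicit fill byte.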

github-actions bot changed the title from "repart: avoid use of uninitialized TPM2B_PUBLIC data" to "(RHEL-56793) repart: avoid use of uninitialized TPM2B_PUBLIC data" on Sep 10, 2024
github-actions bot added the pr/needs-ci and pr/needs-review labels on Sep 10, 2024

github-actions bot commented Sep 10, 2024

Commit validation

Tracker - RHEL-56793

The following commits meet all requirements

| commit | upstream |
| --- | --- |
| db07cb0 - repart: avoid use of uninitialized TPM2B_PUBLIC data | systemd/systemd@a3ad5c3 |

Tracker validation

Success

🟢 Tracker RHEL-56793 has set desired product: rhel-9.6
🟢 Tracker RHEL-56793 has set desired component: systemd
🟢 Tracker RHEL-56793 has been approved
🟢 Tracker RHEL-56793 has set severity


Pull Request validation

Failed

🔴 Failed or pending checks - ci (centos, 9) [failure]
🔴 Failed or pending statuses - CentOS CI (CentOS Stream 9 + sanitizers) [failure]
🔴 Review - Missing review from a member (1 required)

jamacku force-pushed the RHEL-56793-repart-tpm branch from 010560b to db07cb0 on January 7, 2025 08:01