[PATCH 11/14] tpm2: check the command parameters of TPM2 commands

Tue, 21 Feb 2023 23:03:44 -0800 

Some command parameters should not be NULL. Add the conditional check to
avoid the potential NULL pointer reference.
Besides, for TPM2_StartAuthSession, when 'tpmKey' is 'TPM_RH_NULL', the
size of 'encryptedSalt' must be 0 per "TCG TPM2 Part3 Commands".

Signed-off-by: Gary Lin <g...@suse.com>
---
 grub-core/tpm2/tpm2.c | 21 ++++++++++++++++++++-
 1 file changed, 20 insertions(+), 1 deletion(-)

diff --git a/grub-core/tpm2/tpm2.c b/grub-core/tpm2/tpm2.c
index bc1d797d4..ad9d52cd4 100644
--- a/grub-core/tpm2/tpm2.c
+++ b/grub-core/tpm2/tpm2.c
@@ -127,6 +127,9 @@ TPM2_CreatePrimary (const TPMI_RH_HIERARCHY primaryHandle,
   TPM_RC responseCode;
   grub_uint32_t parameterSize;
 
+  if (!inSensitive || !inPublic || !outsideInfo || !creationPCR)
+    return TPM_RC_VALUE;
+
   if (!objectHandle)
     objectHandle = &objectHandleTmp;
   if (!outPublic)
@@ -210,6 +213,13 @@ TPM2_StartAuthSession (const TPMI_DH_OBJECT tpmKey,
   TPM_RC responseCode;
   grub_uint32_t param_size;
 
+  if (!nonceCaller || !symmetric)
+    return TPM_RC_VALUE;
+
+  if (tpmKey == TPM_RH_NULL &&
+      (encryptedSalt && encryptedSalt->size != 0))
+    return TPM_RC_VALUE;
+
   if (!sessionHandle)
     sessionHandle = &sessionHandleTmp;
   if (!nonceTpm)
@@ -272,6 +282,9 @@ TPM2_PolicyPCR (const TPMI_SH_POLICY policySessions,
   TPM_RC responseCode;
   grub_uint32_t param_size;
 
+  if (!pcrs)
+    return TPM_RC_VALUE;
+
   if (!authResponse)
     authResponse = &authResponseTmp;
 
@@ -363,6 +376,9 @@ TPM2_Load (const TPMI_DH_OBJECT parent_handle,
   TPM_RC responseCode;
   grub_uint32_t param_size;
 
+  if (!inPrivate || !inPublic)
+    return TPM_RC_VALUE;
+
   if (!objectHandle)
     objectHandle = &objectHandleTmp;
   if (!name)
@@ -506,7 +522,7 @@ TPM2_PCR_Read (const TPMS_AUTH_COMMAND *authCommand,
   grub_uint32_t parameterSize;
 
   if (!pcrSelectionIn)
-    return TPM_RC_FAILURE;
+    return TPM_RC_VALUE;
 
   if (!pcrUpdateCounter)
     pcrUpdateCounter = &pcrUpdateCounterTmp;
@@ -625,6 +641,9 @@ TPM2_Create (const TPMI_DH_OBJECT parentHandle,
   TPM_RC rc;
   grub_uint32_t parameterSize;
 
+  if (!inSensitive || !inPublic || !outsideInfo || !creationPCR)
+    return TPM_RC_VALUE;
+
   if (!outPrivate)
     outPrivate = &outPrivateTmp;
   if (!outPublic)
-- 
2.35.3


_______________________________________________
Grub-devel mailing list
Grub-devel@gnu.org
https://lists.gnu.org/mailman/listinfo/grub-devel

Reply via email to