Re: [PATCH] tpm: fix buffer overflow in /dev/tpm0

2016-09-12 Thread Jarkko Sakkinen
On Sun, Sep 11, 2016 at 10:05:46PM -0600, Jason Gunthorpe wrote: > On Sun, Sep 11, 2016 at 03:19:00PM +0300, Jarkko Sakkinen wrote: > > tpm_write() does not check whether the buffer has at least enough space > > for the header before passing it to tpm_transmit() so an overflow can > > happen. > >

Re: [PATCH] tpm: fix buffer overflow in /dev/tpm0

2016-09-12 Thread Jarkko Sakkinen
On Sun, Sep 11, 2016 at 10:05:46PM -0600, Jason Gunthorpe wrote: > On Sun, Sep 11, 2016 at 03:19:00PM +0300, Jarkko Sakkinen wrote: > > tpm_write() does not check whether the buffer has at least enough space > > for the header before passing it to tpm_transmit() so an overflow can > > happen. > >

Re: [PATCH] tpm: fix buffer overflow in /dev/tpm0

2016-09-11 Thread Jason Gunthorpe
On Sun, Sep 11, 2016 at 03:19:00PM +0300, Jarkko Sakkinen wrote: > tpm_write() does not check whether the buffer has at least enough space > for the header before passing it to tpm_transmit() so an overflow can > happen. Eh? tpm_write uses a hard wired buffer size of TPM_BUFSIZE when working

Re: [PATCH] tpm: fix buffer overflow in /dev/tpm0

2016-09-11 Thread Jason Gunthorpe
On Sun, Sep 11, 2016 at 03:19:00PM +0300, Jarkko Sakkinen wrote: > tpm_write() does not check whether the buffer has at least enough space > for the header before passing it to tpm_transmit() so an overflow can > happen. Eh? tpm_write uses a hard wired buffer size of TPM_BUFSIZE when working

Re: [PATCH] tpm: fix buffer overflow in /dev/tpm0

2016-09-11 Thread Jarkko Sakkinen
On Sun, Sep 11, 2016 at 03:51:42PM +0300, Jarkko Sakkinen wrote: > On Sun, Sep 11, 2016 at 03:19:00PM +0300, Jarkko Sakkinen wrote: > > tpm_write() does not check whether the buffer has at least enough space > > for the header before passing it to tpm_transmit() so an overflow can > > happen. > >

Re: [PATCH] tpm: fix buffer overflow in /dev/tpm0

2016-09-11 Thread Jarkko Sakkinen
On Sun, Sep 11, 2016 at 03:51:42PM +0300, Jarkko Sakkinen wrote: > On Sun, Sep 11, 2016 at 03:19:00PM +0300, Jarkko Sakkinen wrote: > > tpm_write() does not check whether the buffer has at least enough space > > for the header before passing it to tpm_transmit() so an overflow can > > happen. > >

Re: [PATCH] tpm: fix buffer overflow in /dev/tpm0

2016-09-11 Thread Jarkko Sakkinen
On Sun, Sep 11, 2016 at 03:19:00PM +0300, Jarkko Sakkinen wrote: > tpm_write() does not check whether the buffer has at least enough space > for the header before passing it to tpm_transmit() so an overflow can > happen. > > Signed-off-by: Jarkko Sakkinen This

Re: [PATCH] tpm: fix buffer overflow in /dev/tpm0

2016-09-11 Thread Jarkko Sakkinen
On Sun, Sep 11, 2016 at 03:19:00PM +0300, Jarkko Sakkinen wrote: > tpm_write() does not check whether the buffer has at least enough space > for the header before passing it to tpm_transmit() so an overflow can > happen. > > Signed-off-by: Jarkko Sakkinen This is usable neither as read nor

[PATCH] tpm: fix buffer overflow in /dev/tpm0

2016-09-11 Thread Jarkko Sakkinen
tpm_write() does not check whether the buffer has at least enough space for the header before passing it to tpm_transmit() so an overflow can happen. Signed-off-by: Jarkko Sakkinen --- drivers/char/tpm/tpm-interface.c | 3 +++ 1 file changed, 3 insertions(+)

[PATCH] tpm: fix buffer overflow in /dev/tpm0

2016-09-11 Thread Jarkko Sakkinen
tpm_write() does not check whether the buffer has at least enough space for the header before passing it to tpm_transmit() so an overflow can happen. Signed-off-by: Jarkko Sakkinen --- drivers/char/tpm/tpm-interface.c | 3 +++ 1 file changed, 3 insertions(+) diff --git