On Thu, Nov 7, 2019 at 1:51 AM Stefan Berger <stef...@linux.vnet.ibm.com> wrote: > > Defend against a broken TPM 1.2 or TPM 2.0 that doesn't send at least > a full response header in the response but less than 10 bytes. > > Signed-off-by: Stefan Berger <stef...@linux.ibm.com>
Reviewed-by: Marc-André Lureau <marcandre.lur...@redhat.com> > --- > src/hw/tpm_drivers.c | 3 ++- > 1 file changed, 2 insertions(+), 1 deletion(-) > > diff --git a/src/hw/tpm_drivers.c b/src/hw/tpm_drivers.c > index e4770b3..2b5753c 100644 > --- a/src/hw/tpm_drivers.c > +++ b/src/hw/tpm_drivers.c > @@ -620,7 +620,8 @@ tpmhw_transmit(u8 locty, struct tpm_req_header *req, > return -1; > > irc = td->readresp(respbuffer, respbufferlen); > - if (irc != 0) > + if (irc != 0 || > + *respbufferlen < sizeof(struct tpm_rsp_header)) > return -1; > > td->ready(); > -- > 2.20.1 > _______________________________________________ > SeaBIOS mailing list -- seabios@seabios.org > To unsubscribe send an email to seabios-le...@seabios.org -- Marc-André Lureau _______________________________________________ SeaBIOS mailing list -- seabios@seabios.org To unsubscribe send an email to seabios-le...@seabios.org
