On Mon, Jan 09, 2017 at 06:05:38PM +0200, Jarkko Sakkinen wrote: > On Thu, Jan 05, 2017 at 07:11:24AM -0500, Stefan Berger wrote: > > Check the size of the response before accesing data in > > the response packet. This is to avoid accessing data beyond > > the end of the response. > > > > Signed-off-by: Stefan Berger <[email protected]> > > How on earth this could happen if we request only one property?
His (software) TPM is broken. Now that we have the vtpm stuff it is super-critical that the kernel unmarshal path be bomb proof - it needs to treat the TPM itself as a hostile entity. You should look at all of it and make sure the proper bounds checks are done, multiples can't overflow, and so forth. Jason ------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, SlashDot.org! http://sdm.link/slashdot _______________________________________________ tpmdd-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/tpmdd-devel
