Hi Jared,

Thanks for your report, tpm_rqu_build indeed needs some sane boundary check, I'll fix this ASAP.

Thanks,
---
Rajiv Andrade
Security Development
IBM Linux Technology Center

On Aug 10, 2010, at 3:38 PM, Jared D Schmitz wrote:

> This occurs with TrouSerS-0.3.6. It IS the responsibility of the caller to
> split any data larger than the RSA public key modulus when sealing to the
> TPM. However, it would be fairly easy to see an application programmer not
> checking the size of user input. I haven't dug into the source, but I'm
> assuming that memcpy is being used to copy data from Tspi_Data_Seal into
> another buffer that is too small.
>
> A 1kB file makes it to the TPM and returns error 0x0000002b Invalid data size.
>
> 2kB and 3kB files return TDDL error 0x00001002 General failure.
>
> A 4kB file produces a segfault in tcsd.
>
> Here is the backtrace from gdb:
>
> (gdb) run -f
> The program being debugged has been started already.
> Start it from the beginning? (y or n) y
> Starting program: /usr/local/sbin/tcsd -f
> [Thread debugging using libthread_db enabled]
> TCSD trousers 0.3.6: TCSD up and running.
> [New Thread 0x7ffff79b8710 (LWP 10076)]
>
> Program received signal SIGSEGV, Segmentation fault.
> [Switching to Thread 0x7ffff79b8710 (LWP 10076)]
> 0x000000311b880ef7 in memcpy () from /lib/libc.so.6
> (gdb) backtrace
> #0 0x000000311b880ef7 in memcpy () from /lib/libc.so.6
> #1 0x00000000004078ed in LoadBlob ()
> #2 0x0000000000407989 in LoadBlob_Auth ()
> #3 0x000000000040cacf in tpm_rqu_build ()
> #4 0x000000000042c60a in TCSP_Seal_Internal ()
> #5 0x0000000000000000 in ?? ()
>
> Architecture is amd64 and the OS is Gentoo Linux running TrouSerS-0.3.6
> released on SF.
_______________________________________________
TrouSerS-users mailing list
https://lists.sourceforge.net/lists/listinfo/trousers-users
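
The boundary check discussed in this thread, sketched as an added example (not TrouSerS source and not written by either participant): a LoadBlob-style append that refuses any copy that would overrun a fixed request buffer. The function names, the 4096-byte TXBUF_SIZE and the request layout are assumptions for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define TXBUF_SIZE 4096u /* assumed capacity; the real size is not given in the thread */
enum { BLOB_OK = 0, BLOB_BAD_ARG = -1, BLOB_TOO_LARGE = -2 };

/* Append size bytes of blob at *offset inside buf[0..cap).
 * On failure nothing is written and *offset is left unchanged. */
static int checked_load_blob(size_t *offset, size_t size, uint8_t *buf,
                             size_t cap, const uint8_t *blob)
{
    if (offset == NULL || buf == NULL || (blob == NULL && size != 0))
        return BLOB_BAD_ARG;
    if (*offset > cap)                 /* caller state already out of range */
        return BLOB_BAD_ARG;
    /* Compare against the space left; computing *offset + size could wrap. */
    if (size > cap - *offset)
        return BLOB_TOO_LARGE;
    if (size != 0)
        memcpy(buf + *offset, blob, size);
    *offset += size;
    return BLOB_OK;
}

/* Hypothetical request layout: 4-byte big-endian length, then the payload. */
static int build_seal_request(uint8_t *buf, size_t cap, const uint8_t *data,
                              uint32_t data_len, size_t *out_len)
{
    const uint8_t len_be[4] = { (uint8_t)(data_len >> 24), (uint8_t)(data_len >> 16),
                                (uint8_t)(data_len >> 8), (uint8_t)data_len };
    size_t off = 0;
    int rc;
    if ((rc = checked_load_blob(&off, sizeof len_be, buf, cap, len_be)) != BLOB_OK)
        return rc;
    if ((rc = checked_load_blob(&off, data_len, buf, cap, data)) != BLOB_OK)
        return rc;                     /* oversized payload: error, not a crash */
    *out_len = off;
    return BLOB_OK;
}

int main(void)
{
    static uint8_t req[TXBUF_SIZE], data[4096]; /* constructed all-zero input */
    size_t n = 0;
    printf("1 kB: rc=%d\n", build_seal_request(req, sizeof req, data, 1024, &n));
    printf("4 kB: rc=%d\n", build_seal_request(req, sizeof req, data, 4096, &n));
    return 0;
}
```

The same check belongs on every append into the request buffer, so that an oversized input from a client becomes an error code returned to the caller rather than a fault in the daemon.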
