SecurityPkg: Replace BSD License with BSD+Patent License

[mirror_edk2.git] / SecurityPkg / Library / Tpm2CommandLib / Tpm2EnhancedAuthorization.c

diff --git a/SecurityPkg/Library/Tpm2CommandLib/Tpm2EnhancedAuthorization.c b/SecurityPkg/Library/Tpm2CommandLib/Tpm2EnhancedAuthorization.c
index d11f543463290937bb0d8fde10eceb65b3861962..61c63672626f693f56d572865abc2d7a45be091c 100644 (file)
--- a/SecurityPkg/Library/Tpm2CommandLib/Tpm2EnhancedAuthorization.c
+++ b/SecurityPkg/Library/Tpm2CommandLib/Tpm2EnhancedAuthorization.c
@@ -1,14 +1,8 @@
 /** @file\r
   Implement TPM2 EnhancedAuthorization related command.\r
 \r
-Copyright (c) 2014, Intel Corporation. All rights reserved. <BR>\r
-This program and the accompanying materials\r
-are licensed and made available under the terms and conditions of the BSD License\r
-which accompanies this distribution.  The full text of the license may be found at\r
-http://opensource.org/licenses/bsd-license.php\r
-\r
-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,\r
-WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r
+Copyright (c) 2014 - 2018, Intel Corporation. All rights reserved. <BR>\r
+SPDX-License-Identifier: BSD-2-Clause-Patent\r
 \r
 **/\r
 \r
@@ -87,7 +81,7 @@ typedef struct {
   @param[in]  Expiration         Time when authorization will expire, measured in seconds from the time that nonceTPM was generated.\r
   @param[out] Timeout            Time value used to indicate to the TPM when the ticket expires.\r
   @param[out] PolicyTicket       A ticket that includes a value indicating when the authorization expires.\r
-  \r
+\r
   @retval EFI_SUCCESS            Operation completed successfully.\r
   @retval EFI_DEVICE_ERROR       The command was unsuccessful.\r
 **/\r
@@ -120,7 +114,7 @@ Tpm2PolicySecret (
   SendBuffer.Header.commandCode = SwapBytes32(TPM_CC_PolicySecret);\r
   SendBuffer.AuthHandle = SwapBytes32 (AuthHandle);\r
   SendBuffer.PolicySession = SwapBytes32 (PolicySession);\r
-  \r
+\r
   //\r
   // Add in Auth session\r
   //\r
@@ -148,7 +142,7 @@ Tpm2PolicySecret (
   Buffer += sizeof(UINT16);\r
   CopyMem (Buffer, PolicyRef->buffer, PolicyRef->size);\r
   Buffer += PolicyRef->size;\r
-  \r
+\r
   WriteUnaligned32 ((UINT32 *)Buffer, SwapBytes32((UINT32)Expiration));\r
   Buffer += sizeof(UINT32);\r
 \r
@@ -161,16 +155,18 @@ Tpm2PolicySecret (
   RecvBufferSize = sizeof (RecvBuffer);\r
   Status = Tpm2SubmitCommand (SendBufferSize, (UINT8 *)&SendBuffer, &RecvBufferSize, (UINT8 *)&RecvBuffer);\r
   if (EFI_ERROR (Status)) {\r
-    return Status;\r
+    goto Done;\r
   }\r
 \r
   if (RecvBufferSize < sizeof (TPM2_RESPONSE_HEADER)) {\r
     DEBUG ((EFI_D_ERROR, "Tpm2PolicySecret - RecvBufferSize Error - %x\n", RecvBufferSize));\r
-    return EFI_DEVICE_ERROR;\r
+    Status = EFI_DEVICE_ERROR;\r
+    goto Done;\r
   }\r
   if (SwapBytes32(RecvBuffer.Header.responseCode) != TPM_RC_SUCCESS) {\r
     DEBUG ((EFI_D_ERROR, "Tpm2PolicySecret - responseCode - %x\n", SwapBytes32(RecvBuffer.Header.responseCode)));\r
-    return EFI_DEVICE_ERROR;\r
+    Status = EFI_DEVICE_ERROR;\r
+    goto Done;\r
   }\r
 \r
   //\r
@@ -178,6 +174,12 @@ Tpm2PolicySecret (
   //\r
   Buffer = (UINT8 *)&RecvBuffer.Timeout;\r
   Timeout->size = SwapBytes16(ReadUnaligned16 ((UINT16 *)Buffer));\r
+  if (Timeout->size > sizeof(UINT64)) {\r
+    DEBUG ((DEBUG_ERROR, "Tpm2PolicySecret - Timeout->size error %x\n", Timeout->size));\r
+    Status = EFI_DEVICE_ERROR;\r
+    goto Done;\r
+  }\r
+\r
   Buffer += sizeof(UINT16);\r
   CopyMem (Timeout->buffer, Buffer, Timeout->size);\r
 \r
@@ -187,9 +189,21 @@ Tpm2PolicySecret (
   Buffer += sizeof(UINT32);\r
   PolicyTicket->digest.size = SwapBytes16(ReadUnaligned16 ((UINT16 *)Buffer));\r
   Buffer += sizeof(UINT16);\r
+  if (PolicyTicket->digest.size > sizeof(TPMU_HA)) {\r
+    DEBUG ((DEBUG_ERROR, "Tpm2PolicySecret - digest.size error %x\n", PolicyTicket->digest.size));\r
+    Status = EFI_DEVICE_ERROR;\r
+    goto Done;\r
+  }\r
+\r
   CopyMem (PolicyTicket->digest.buffer, Buffer, PolicyTicket->digest.size);\r
 \r
-  return EFI_SUCCESS;\r
+Done:\r
+  //\r
+  // Clear AuthSession Content\r
+  //\r
+  ZeroMem (&SendBuffer, sizeof(SendBuffer));\r
+  ZeroMem (&RecvBuffer, sizeof(RecvBuffer));\r
+  return Status;\r
 }\r
 \r
 /**\r
@@ -200,7 +214,7 @@ Tpm2PolicySecret (
 \r
   @param[in] PolicySession      Handle for the policy session being extended.\r
   @param[in] HashList           the list of hashes to check for a match.\r
-  \r
+\r
   @retval EFI_SUCCESS            Operation completed successfully.\r
   @retval EFI_DEVICE_ERROR       The command was unsuccessful.\r
 **/\r
@@ -265,7 +279,7 @@ Tpm2PolicyOR (
 \r
   @param[in]  PolicySession      Handle for the policy session being extended.\r
   @param[in]  Code               The allowed commandCode.\r
-  \r
+\r
   @retval EFI_SUCCESS            Operation completed successfully.\r
   @retval EFI_DEVICE_ERROR       The command was unsuccessful.\r
 **/\r
@@ -321,7 +335,7 @@ Tpm2PolicyCommandCode (
 \r
   @param[in]  PolicySession      Handle for the policy session.\r
   @param[out] PolicyHash         the current value of the policyHash of policySession.\r
-  \r
+\r
   @retval EFI_SUCCESS            Operation completed successfully.\r
   @retval EFI_DEVICE_ERROR       The command was unsuccessful.\r
 **/\r
@@ -371,6 +385,11 @@ Tpm2PolicyGetDigest (
   // Return the response\r
   //\r
   PolicyHash->size = SwapBytes16 (RecvBuffer.PolicyHash.size);\r
+  if (PolicyHash->size > sizeof(TPMU_HA)) {\r
+    DEBUG ((DEBUG_ERROR, "Tpm2PolicyGetDigest - PolicyHash->size error %x\n", PolicyHash->size));\r
+    return EFI_DEVICE_ERROR;\r
+  }\r
+\r
   CopyMem (PolicyHash->buffer, &RecvBuffer.PolicyHash.buffer, PolicyHash->size);\r
 \r
   return EFI_SUCCESS;\r