git.proxmox.com Git - libtpms.git/commit
tpm2: Check size of buffer before accessing it (CVE-2023-1017 & -1018)
author Stefan Berger <stefanb@linux.ibm.com>
Mon, 20 Feb 2023 19:41:10 +0000 (14:41 -0500)
committer Stefan Berger <stefanb@us.ibm.com>
Tue, 28 Feb 2023 20:57:55 +0000 (15:57 -0500)
commit 6a6d40d8e2f2b4cd09e025597a1dfe59685f0ec7
tree ea2ec3b675bd3c1332156523a6ae07cc1f2788fd
parent 45134aef3e8e2b8c8fba7fcbedb753130091a4fe
tpm2: Check size of buffer before accessing it (CVE-2023-1017 & -1018)

Check that there are sufficient bytes in the buffer before reading the
cipherSize from it. Also, reduce the bufferSize variable by the number
of bytes that make up the cipherSize to avoid reading and writing bytes
beyond the buffer in subsequent steps that do in-place decryption.

This fixes CVE-2023-1017 & CVE-2023-1018.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
src/tpm2/CryptUtil.c
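
The two checks the commit message describes, shown as an added example that is not libtpms code and not part of this commit. The function `decrypt_param`, the assumed layout (2-byte big-endian cipherSize followed by the data), the XOR stand-in for decryption and the sample inputs are all constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PARAM_ERR_SIZE (-1)
#define GUARD_DAMAGED  (-2)

/* Hypothetical parser, not libtpms code. Assumed layout: 2-byte big-endian
 * cipherSize, then cipherSize bytes that are transformed in place. */
static int decrypt_param(uint8_t *buffer, size_t bufferSize, uint8_t key)
{
    if (bufferSize < 2)            /* size field must lie inside the buffer */
        return PARAM_ERR_SIZE;
    size_t cipherSize = ((size_t)buffer[0] << 8) | buffer[1];
    buffer += 2;
    bufferSize -= 2;               /* only the bytes after the field remain */
    if (cipherSize > bufferSize)   /* declared length must fit what is left */
        return PARAM_ERR_SIZE;
    for (size_t i = 0; i < cipherSize; i++)
        buffer[i] ^= key;          /* XOR stands in for the real cipher */
    return (int)cipherSize;
}

/* Constructed inputs. MSG_OVERLONG declares 5 bytes, which equals the total
 * length, but only 3 bytes follow the size field. */
static const uint8_t MSG_OK[]       = { 0x00, 0x03, 'a', 'b', 'c' };
static const uint8_t MSG_ONE_BYTE[] = { 0x00 };
static const uint8_t MSG_OVERLONG[] = { 0x00, 0x05, 'a', 'b', 'c' };

/* Returns the parser result, or GUARD_DAMAGED if bytes past msg changed. */
static int run_case(const uint8_t *msg, size_t len)
{
    uint8_t mem[16];
    memset(mem, 0xEE, sizeof mem);          /* guard pattern after the message */
    memcpy(mem, msg, len);
    int rc = decrypt_param(mem, len, 0x20);
    for (size_t i = len; i < sizeof mem; i++)
        if (mem[i] != 0xEE)
            return GUARD_DAMAGED;
    return rc;
}

int main(void)
{
    printf("%d %d %d\n", run_case(MSG_OK, sizeof MSG_OK),
           run_case(MSG_ONE_BYTE, sizeof MSG_ONE_BYTE), run_case(MSG_OVERLONG, sizeof MSG_OVERLONG));
    return 0;
}
```

`MSG_OVERLONG` is the case that depends on reducing `bufferSize`: compared against the unreduced length of 5, the declared size would be accepted and the in-place loop would run two bytes past the message.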