| Message ID | 20230915042035.1342-2-mario.limonciello@amd.com |
|---|---|
| State | Accepted |
| Headers | show |
| Series | tpmevlog: Correct boundary checking for PCR4 event check | expand |
Thanks Mario, Acked-by: Ivan Hu<ivan.hu@canonical.com> On 9/15/23 12:20, Mario Limonciello wrote: > The boundary checking looks when PCR 4 and `EV_EFI_BOOT_SERVICES_APPLICATION` > that the size is greater than `uefi_image_load_event`. > > This test fails when loading a PE binary for a kernel image which is exactly > the size of `uefi_image_load_event`. > > Furthermore, a kernel image may not have a device path specified, so don't > bail if that's zero size. > > Signed-off-by: Mario Limonciello <mario.limonciello@amd.com> > --- > src/tpm/tpmevlog/tpmevlog.c | 5 +++-- > 1 file changed, 3 insertions(+), 2 deletions(-) > > diff --git a/src/tpm/tpmevlog/tpmevlog.c b/src/tpm/tpmevlog/tpmevlog.c > index 96f71ffe..794b47ca 100644 > --- a/src/tpm/tpmevlog/tpmevlog.c > +++ b/src/tpm/tpmevlog/tpmevlog.c > @@ -161,7 +161,7 @@ static int tpmevlog_pcr_type_event_check( > uefi_image_load_event *ev_image_load = (uefi_image_load_event *)event; > > if (pcr == 4 && event_type == EV_EFI_BOOT_SERVICES_APPLICATION) { > - if (event_size <= sizeof(uefi_image_load_event)) { > + if (event_size < sizeof(uefi_image_load_event)) { > fwts_failed(fw, LOG_LEVEL_HIGH, "ImageLoadEventLength", > "The length of the event is %" PRIu32 " which" > " is smaller than the UEFI Image Load Event " > @@ -171,7 +171,8 @@ static int tpmevlog_pcr_type_event_check( > event_size); > return FWTS_ERROR; > } > - if (ev_image_load->length_of_device_path <= sizeof(fwts_uefi_dev_path)) { > + if (ev_image_load->length_of_device_path && > + ev_image_load->length_of_device_path <= sizeof(fwts_uefi_dev_path)) { > fwts_failed(fw, LOG_LEVEL_HIGH, "ImageLoadDevicePathLength", > "The length of the device path is %" PRIu64 > " is smaller than DevicePath of PE/COFF image "
diff --git a/src/tpm/tpmevlog/tpmevlog.c b/src/tpm/tpmevlog/tpmevlog.c index 96f71ffe..794b47ca 100644 --- a/src/tpm/tpmevlog/tpmevlog.c +++ b/src/tpm/tpmevlog/tpmevlog.c @@ -161,7 +161,7 @@ static int tpmevlog_pcr_type_event_check( uefi_image_load_event *ev_image_load = (uefi_image_load_event *)event; if (pcr == 4 && event_type == EV_EFI_BOOT_SERVICES_APPLICATION) { - if (event_size <= sizeof(uefi_image_load_event)) { + if (event_size < sizeof(uefi_image_load_event)) { fwts_failed(fw, LOG_LEVEL_HIGH, "ImageLoadEventLength", "The length of the event is %" PRIu32 " which" " is smaller than the UEFI Image Load Event " @@ -171,7 +171,8 @@ static int tpmevlog_pcr_type_event_check( event_size); return FWTS_ERROR; } - if (ev_image_load->length_of_device_path <= sizeof(fwts_uefi_dev_path)) { + if (ev_image_load->length_of_device_path && + ev_image_load->length_of_device_path <= sizeof(fwts_uefi_dev_path)) { fwts_failed(fw, LOG_LEVEL_HIGH, "ImageLoadDevicePathLength", "The length of the device path is %" PRIu64 " is smaller than DevicePath of PE/COFF image "
The boundary checking looks when PCR 4 and `EV_EFI_BOOT_SERVICES_APPLICATION` that the size is greater than `uefi_image_load_event`. This test fails when loading a PE binary for a kernel image which is exactly the size of `uefi_image_load_event`. Furthermore, a kernel image may not have a device path specified, so don't bail if that's zero size. Signed-off-by: Mario Limonciello <mario.limonciello@amd.com> --- src/tpm/tpmevlog/tpmevlog.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-)