From patchwork Fri Sep 15 04:20:35 2023
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Mario Limonciello <Mario.Limonciello@amd.com>
X-Patchwork-Id: 1834674
Return-Path: <fwts-devel-bounces@lists.ubuntu.com>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@legolas.ozlabs.org
Authentication-Results: legolas.ozlabs.org;
 spf=pass (sender SPF authorized) smtp.mailfrom=lists.ubuntu.com
 (client-ip=185.125.189.65; helo=lists.ubuntu.com;
 envelope-from=fwts-devel-bounces@lists.ubuntu.com;
 receiver=patchwork.ozlabs.org)
Received: from lists.ubuntu.com (lists.ubuntu.com [185.125.189.65])
	(using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by legolas.ozlabs.org (Postfix) with ESMTPS id 4Rn2jB48L0z1ypK
	for <incoming@patchwork.ozlabs.org>; Fri, 15 Sep 2023 15:26:06 +1000 (AEST)
Received: from localhost ([127.0.0.1] helo=lists.ubuntu.com)
	by lists.ubuntu.com with esmtp (Exim 4.86_2)
	(envelope-from <fwts-devel-bounces@lists.ubuntu.com>)
	id 1qh1L3-0006a7-Dy; Fri, 15 Sep 2023 05:25:58 +0000
Received: from mail-co1nam11on2052.outbound.protection.outlook.com
 ([40.107.220.52] helo=NAM11-CO1-obe.outbound.protection.outlook.com)
 by lists.ubuntu.com with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)
 (Exim 4.86_2) (envelope-from <Mario.Limonciello@amd.com>)
 id 1qh1L0-0006Zg-KK
 for fwts-devel@lists.ubuntu.com; Fri, 15 Sep 2023 05:25:55 +0000
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;
 b=PhPnkXPbeg/FK9mEKVKHLUsB26ydPWhvvqkm/nkKSyn/S7z5eYMKEmGEzamSdHUHTipRZwsVssVqwQR0aZpQUOip6OMPPC+mTZHW0MFE7rHBjh+jla2P5oOH+aVK4bFC4WHjX/Zo+2X6A2hhxjVpEp08vQroAOTdxiWH4oWNHLqoxeamyH506R43Az67Fo7wZRi2EbXT+MaUpeTMvMAL99kjrJ4bQRKXXoYcp91BN/lBnQ9K7pZ15xjswLKQbiyGs5ELA/HN2HfI+8zWCY5fJyb3igqdIkw6DZZwFg2EEssK01/4H3qZguBwzVrCa0neqCp23LOdhDxN3brihpuTuQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
 s=arcselector9901;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;
 bh=MZsiqm+QX2BMT3xo4XwmVROgTrZJHAug/GvCC2whhrA=;
 b=ai94XMn22HJ6QE+Gn+rN4/Z9UOIKyNLYwq82H3FyhUuFlKsieJmQQBFEWaDwc+cIelXV2thfVNDaoH/rPQsRdciZK8lGzEMx02D6maTZVIFbvITOE3OejLy/IpL1IhOmiRZ59zn8V1hHXSAQ5pfwYzwcSsMD2d+knfcgvDfLPFg8YBP8OenTt2JORa7Sc4uvDGQvSKQ2PqKtsBW50o7EMv/8DE8Xd+FoW37ZxODIFmi25eui2V1Cmv3hUDkxrLDOwY3d7deI/9UmFq7hMoLzg0Io0Ae4nCCdo1I6c0MubFLFDMhdJA5i4FqKUOo0EN56nBYh/1UxzHmm/IftgHRPew==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is
 165.204.84.17) smtp.rcpttodomain=lists.ubuntu.com smtp.mailfrom=amd.com;
 dmarc=pass (p=quarantine sp=quarantine pct=100) action=none
 header.from=amd.com; dkim=none (message not signed); arc=none
Received: from PA7P264CA0365.FRAP264.PROD.OUTLOOK.COM (2603:10a6:102:37c::18)
 by SJ0PR12MB7082.namprd12.prod.outlook.com (2603:10b6:a03:4ae::12)
 with Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6792.20; Fri, 15 Sep
 2023 05:25:49 +0000
Received: from SA2PEPF00001505.namprd04.prod.outlook.com
 (2603:10a6:102:37c:cafe::8a) by PA7P264CA0365.outlook.office365.com
 (2603:10a6:102:37c::18) with Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6792.21 via Frontend
 Transport; Fri, 15 Sep 2023 05:25:43 +0000
X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 165.204.84.17)
 smtp.mailfrom=amd.com; dkim=none (message not signed)
 header.d=none;dmarc=pass action=none header.from=amd.com;
Received-SPF: Pass (protection.outlook.com: domain of amd.com designates
 165.204.84.17 as permitted sender) receiver=protection.outlook.com;
 client-ip=165.204.84.17; helo=SATLEXMB04.amd.com; pr=C
Received: from SATLEXMB04.amd.com (165.204.84.17) by
 SA2PEPF00001505.mail.protection.outlook.com (10.167.242.37) with Microsoft
 SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id
 15.20.6792.20 via Frontend Transport; Fri, 15 Sep 2023 05:25:42 +0000
Received: from AUS-P9-MLIMONCI.amd.com (10.180.168.240) by SATLEXMB04.amd.com
 (10.181.40.145) with Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.27; Fri, 15 Sep
 2023 00:25:39 -0500
From: Mario Limonciello <mario.limonciello@amd.com>
To: <fwts-devel@lists.ubuntu.com>
Subject: [PATCH] tpmevlog: Correct boundary checking for PCR4 event check
Date: Thu, 14 Sep 2023 23:20:35 -0500
Message-ID: <20230915042035.1342-2-mario.limonciello@amd.com>
X-Mailer: git-send-email 2.34.1
In-Reply-To: <20230915042035.1342-1-mario.limonciello@amd.com>
References: <20230915042035.1342-1-mario.limonciello@amd.com>
MIME-Version: 1.0
X-Originating-IP: [10.180.168.240]
X-ClientProxiedBy: SATLEXMB03.amd.com (10.181.40.144) To SATLEXMB04.amd.com
 (10.181.40.145)
X-EOPAttributedMessage: 0
X-MS-PublicTrafficType: Email
X-MS-TrafficTypeDiagnostic: SA2PEPF00001505:EE_|SJ0PR12MB7082:EE_
X-MS-Office365-Filtering-Correlation-Id: 0a6cd9ef-857d-4b66-ecc9-08dbb5ac3481
X-MS-Exchange-SenderADCheck: 1
X-MS-Exchange-AntiSpam-Relay: 0
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info: 
 8VBCE57t8L0AjLppJUktX2LK/ZAmJkv7KpEXuIRH4Vxm+wjeODzSSSWoppvAES2K2pUhAdKKOoL/prjMFyU5k/LuUZIW66+c+5bgk1yGNlYpzYfOgcVYuLUmI4GANpoqxC6dSl16oV3fudkqT7aG7Ahf3rvHLwIglrH4fvuQqpkPC/fCQCS04ik4jVwxKPWRmczMBUrVX/+49m+hFqSekHRtP9DXVqRAHyAWgxZr5FA+o7MNyinTPBlIMu10h8zUgKYP9lPeBA6fzzGn9WEHy/j4soFbXSOk920qrWVl+6DxWXw9t0Axs8xbNvPu/XApbNZC/ts0joJu1vBXM4MRvvRhDRmJ4WMGDJ2T7UiRY402NzxL8tNo9YZA9/Kp8iX1o4w4wNuXPhzbaoqSzGVxeASGvUNGdKy1iaozwvlyO9z+aQMbHl9UMVkfY4ygHtW0FIuPSjtP9kJTdZKRoi/1zWZKfzOPz0BlkG6yvel/FhHIi++BUTChRb9mZT8Y4d+sPwUItxTh8lmWBkT8+N/b3i+F0g27SYDrJkr9qvQFb1duejiKE5PeaqwWhd1ijBvptfYzkJU2bRzn1Q0+iDCmcbnF/lcBbgr7+Son9ViH12P4IG2vS0bkpNoSfNQ5wi2W1cWZHlIouJ7yzfMt+ryG4i986Yu7ddIfVbBveR2IyJsf36a9k9nnln9pB6/zugEYhSWSNWMOXv60RRjslVWs74yhgseiRR+LHsUfipJYXCsELUplCLKpaB7A5I6an/GNuLwgXxiKTXiIdTqKbzr/sg==
X-Forefront-Antispam-Report: CIP:165.204.84.17; CTRY:US; LANG:en; SCL:1; SRV:;
 IPV:CAL; SFV:NSPM; H:SATLEXMB04.amd.com; PTR:InfoDomainNonexistent; CAT:NONE;
 SFS:(13230031)(4636009)(376002)(39860400002)(346002)(396003)(136003)(82310400011)(451199024)(186009)(1800799009)(46966006)(40470700004)(36840700001)(86362001)(41300700001)(4326008)(8936002)(82740400003)(6916009)(356005)(316002)(81166007)(70206006)(36756003)(5660300002)(44832011)(8676002)(36860700001)(478600001)(2906002)(47076005)(6666004)(7696005)(426003)(336012)(70586007)(2616005)(1076003)(40460700003)(26005)(16526019)(40480700001)(83380400001)(36900700001);
 DIR:OUT; SFP:1101;
X-OriginatorOrg: amd.com
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 15 Sep 2023 05:25:42.2364 (UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: 
 0a6cd9ef-857d-4b66-ecc9-08dbb5ac3481
X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: 
 TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d; Ip=[165.204.84.17];
 Helo=[SATLEXMB04.amd.com]
X-MS-Exchange-CrossTenant-AuthSource: 
 SA2PEPF00001505.namprd04.prod.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Anonymous
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: SJ0PR12MB7082
X-BeenThere: fwts-devel@lists.ubuntu.com
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: Firmware Test Suite Development <fwts-devel.lists.ubuntu.com>
List-Unsubscribe: <https://lists.ubuntu.com/mailman/options/fwts-devel>,
 <mailto:fwts-devel-request@lists.ubuntu.com?subject=unsubscribe>
List-Archive: <https://lists.ubuntu.com/archives/fwts-devel>
List-Post: <mailto:fwts-devel@lists.ubuntu.com>
List-Help: <mailto:fwts-devel-request@lists.ubuntu.com?subject=help>
List-Subscribe: <https://lists.ubuntu.com/mailman/listinfo/fwts-devel>,
 <mailto:fwts-devel-request@lists.ubuntu.com?subject=subscribe>
Cc: Mario Limonciello <mario.limonciello@amd.com>
Errors-To: fwts-devel-bounces@lists.ubuntu.com
Sender: "fwts-devel" <fwts-devel-bounces@lists.ubuntu.com>

The boundary checking looks when PCR 4 and `EV_EFI_BOOT_SERVICES_APPLICATION`
that the size is greater than `uefi_image_load_event`.

This test fails when loading a PE binary for a kernel image which is exactly
the size of `uefi_image_load_event`.

Furthermore, a kernel image may not have a device path specified, so don't
bail if that's zero size.

Signed-off-by: Mario Limonciello <mario.limonciello@amd.com>
Acked-by: Ivan Hu<ivan.hu@canonical.com>
---
 src/tpm/tpmevlog/tpmevlog.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/src/tpm/tpmevlog/tpmevlog.c b/src/tpm/tpmevlog/tpmevlog.c
index 96f71ffe..794b47ca 100644
--- a/src/tpm/tpmevlog/tpmevlog.c
+++ b/src/tpm/tpmevlog/tpmevlog.c
@@ -161,7 +161,7 @@ static int tpmevlog_pcr_type_event_check(
 	uefi_image_load_event *ev_image_load = (uefi_image_load_event *)event;
 
 	if (pcr == 4 && event_type == EV_EFI_BOOT_SERVICES_APPLICATION) {
-		if (event_size <= sizeof(uefi_image_load_event)) {
+		if (event_size < sizeof(uefi_image_load_event)) {
 			fwts_failed(fw, LOG_LEVEL_HIGH, "ImageLoadEventLength",
 					"The length of the event is %" PRIu32 " which"
 					" is smaller than the UEFI Image Load Event "
@@ -171,7 +171,8 @@ static int tpmevlog_pcr_type_event_check(
 					event_size);
 			return FWTS_ERROR;
 		}
-		if (ev_image_load->length_of_device_path <= sizeof(fwts_uefi_dev_path)) {
+		if (ev_image_load->length_of_device_path &&
+		    ev_image_load->length_of_device_path <= sizeof(fwts_uefi_dev_path)) {
 			fwts_failed(fw, LOG_LEVEL_HIGH, "ImageLoadDevicePathLength",
 					"The length of the device path is %" PRIu64
 					" is smaller than DevicePath of PE/COFF image "