From a6e65d22e5438e16e57e0abc1117716a6f15e0ff20febedf6b463202510b96a6 Mon Sep 17 00:00:00 2001
From: Matthias Gerstner
Date: Tue, 5 Oct 2021 12:11:52 +0000
Subject: [PATCH] update copyright
OBS-URL: https://build.opensuse.org/package/show/security/tpm-tools?expand=0&rev=41
---
 ...d-outputting-NULL-bytes-from-tpmVend.patch | 51 +++++++++++++++++++
 ...d-outputting-undefined-data-on-stder.patch | 35 +++++++++++++
 tpm-tools.changes | 8 +++
 tpm-tools.spec | 6 ++-
 4 files changed, 99 insertions(+), 1 deletion(-)
 create mode 100644 0001-tpm_version-avoid-outputting-NULL-bytes-from-tpmVend.patch
 create mode 100644 0001-tpm_version-avoid-outputting-undefined-data-on-stder.patch
diff --git a/0001-tpm_version-avoid-outputting-NULL-bytes-from-tpmVend.patch b/0001-tpm_version-avoid-outputting-NULL-bytes-from-tpmVend.patch
new file mode 100644
index 0000000..5bc9d05
--- /dev/null
+++ b/0001-tpm_version-avoid-outputting-NULL-bytes-from-tpmVend.patch
@@ -0,0 +1,51 @@
+From c927f67f36a4719bd15b8a535efb6980f1e87a6b Mon Sep 17 00:00:00 2001
+From: Matthias Gerstner
+Date: Fri, 30 Nov 2018 12:48:37 +0100
+Subject: [PATCH] tpm_version: avoid outputting NULL bytes from tpmVendorID
+
+When the vendor ID contains null bytes then '^@' characters appear in
+the tpm_version output. This can confuse users and it also causes e.g.
+'grep' to treat the input as binary. Example:
+
+ TPM Vendor ID: WEC\000
+
+This change copies the vendor ID bytes over into a local string object.
+This makes the code more independent of the vendor ID dimension and also
+avoids NULL bytes being printed.
+---
+ src/tpm_mgmt/tpm_version.c | 9 ++++++---
+ 1 file changed, 6 insertions(+), 3 deletions(-)
+
+Index: tpm-tools-1.3.9.1/src/tpm_mgmt/tpm_version.c
+===================================================================
+--- tpm-tools-1.3.9.1.orig/src/tpm_mgmt/tpm_version.c
++++ tpm-tools-1.3.9.1/src/tpm_mgmt/tpm_version.c
+@@ -133,6 +133,7 @@ int cmdVersion(const char *a_szCmd)
+ UINT64 offset;
+ TSS_RESULT uiResult;
+ TPM_CAP_VERSION_INFO versionInfo;
++ char vendor_id[sizeof(versionInfo.tpmVendorID)+1];
+ char *errbuf = NULL; // Buffer containing what was sent to stderr during getCapability.
+
+ /* Disable logging to of "Bad Mode" during this call.
+@@ -169,15 +170,17 @@ int cmdVersion(const char *a_szCmd)
+ goto out_close;
+ }
+
++ // copy over the individual characters into a regular string.
++ // This avoids that null bytes are written to stdout.
++ snprintf ( vendor_id, sizeof(vendor_id), "%s", (const char*)versionInfo.tpmVendorID );
++
+ logMsg(_(" TPM 1.2 Version Info:\n"));
+ logMsg(_(" Chip Version: %hhu.%hhu.%hhu.%hhu\n"),
+ versionInfo.version.major, versionInfo.version.minor,
+ versionInfo.version.revMajor, versionInfo.version.revMinor);
+ logMsg(_(" Spec Level: %hu\n"), versionInfo.specLevel);
+ logMsg(_(" Errata Revision: %hhu\n"), versionInfo.errataRev);
+- logMsg(_(" TPM Vendor ID: %c%c%c%c\n"),
+- versionInfo.tpmVendorID[0], versionInfo.tpmVendorID[1],
+- versionInfo.tpmVendorID[2], versionInfo.tpmVendorID[3]);
++ logMsg(_(" TPM Vendor ID: %s\n"), vendor_id);
+
+ if (versionInfo.vendorSpecificSize) {
+ logMsg(_(" Vendor Specific data: "));
diff --git a/0001-tpm_version-avoid-outputting-undefined-data-on-stder.patch b/0001-tpm_version-avoid-outputting-undefined-data-on-stder.patch
new file mode 100644
index 0000000..96de900
--- /dev/null
+++ b/0001-tpm_version-avoid-outputting-undefined-data-on-stder.patch
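Review bot: The `%s` conversion in the added snprintf reads `versionInfo.tpmVendorID` until it finds a NUL byte, but that field is a fixed-size array (the removed lines print exactly four elements and `vendor_id` is dimensioned from its sizeof), so a vendor ID that fills all of its bytes without a terminator makes snprintf read past the array into whatever follows it in the struct — the write is bounded by `sizeof(vendor_id)`, the read of the source is not. Bounding the read with a precision keeps the intended behaviour (copy the ID, stop at the first NUL) without depending on the neighbouring memory: `snprintf(vendor_id, sizeof(vendor_id), "%.*s", (int)sizeof(versionInfo.tpmVendorID), (const char *)versionInfo.tpmVendorID);`. Non-printable bytes other than NUL are still passed through to the `%s` in logMsg unchanged, so the "binary output" concern from the commit message is only narrowed, not removed. cmdVersion starts and ends outside the hunk.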
@@ -0,0 +1,35 @@
+From f0f30ff3e3b08751ebb8524303d80b6e94882134 Mon Sep 17 00:00:00 2001
+From: Matthias Gerstner
+Date: Fri, 30 Nov 2018 13:17:01 +0100
+Subject: [PATCH] tpm_version: avoid outputting undefined data on stderr
+
+If there was no data written to the temporary file then memsize == 1, no
+data will be read from the file into the buffer and the buffer will not
+be null terminated. This can cause random data to be output later on to
+the original stderr like:
+
+'#precedence ::ffff:0:0/'
+
+or
+
+'xl?8?'
+
+Fix this by making sure the buffer is always zero terminated.
+---
+ src/tpm_mgmt/tpm_version.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+Index: tpm-tools-1.3.9.1/src/tpm_mgmt/tpm_version.c
+===================================================================
+--- tpm-tools-1.3.9.1.orig/src/tpm_mgmt/tpm_version.c
++++ tpm-tools-1.3.9.1/src/tpm_mgmt/tpm_version.c
+@@ -99,6 +99,9 @@ char* end_capture_stderr(int olderr)
+ perror("read()");
+ }
+
++ // make sure the buffer is null terminated.
++ buf[st.st_size] = '\0';
++
+ // Restore stderr.
+ errout:
+ if (0 > dup2(olderr, STDERR_FILENO)) {
diff --git a/tpm-tools.changes b/tpm-tools.changes
index e9c5c98..db70ab8 100644
--- a/tpm-tools.changes
+++ b/tpm-tools.changes
@@ -1,3 +1,11 @@
+-------------------------------------------------------------------
+Tue Oct 5 12:10:20 UTC 2021 - Matthias Gerstner
+
+- fix undefined and binary data being output in the tpm_version command
+ (bsc#1114793)
+ - add 0001-tpm_version-avoid-outputting-NULL-bytes-from-tpmVend.patch
+ - add 0001-tpm_version-avoid-outputting-undefined-data-on-stder.patch
+
 -------------------------------------------------------------------
 Wed Mar 3 11:29:22 UTC 2021 - Matthias Gerstner
diff --git a/tpm-tools.spec b/tpm-tools.spec
index 9d345ba..7668fca 100644
--- a/tpm-tools.spec
+++ b/tpm-tools.spec
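Review bot: Terminating at `buf[st.st_size]` assumes the read() above delivered exactly `st.st_size` bytes, yet the hunk shows a failed read being reported with `perror("read()")` and execution falling through to this line, so on a short or failed read the bytes between what was actually read and `st.st_size` stay whatever the allocation left there — the same indeterminate data this change sets out to keep off stderr. Terminating at the count read() actually returned closes that gap, e.g. `buf[nread] = '\0';` with the read() result and `buf[0] = '\0';` on error, where `nread` is a constructed name standing for whatever local the read() result is stored in outside the hunk. The write also presumes buf has room for `st.st_size + 1` bytes; the commit message describes the allocation that way (`memsize == 1` for an empty file) but the hunk does not show it, so that is worth confirming against the allocation site. end_capture_stderr starts and ends outside the hunk.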
@@ -32,6 +32,10 @@ BuildRequires: openCryptoki-devel
 BuildRequires: openssl-devel
 BuildRequires: trousers-devel
 BuildRoot: %{_tmppath}/%{name}-%{version}-build
+# I reported this to the tpm-tools/trousers mailing list on 2018-12-03 but the
+# patches never made it into the upstream repo for some reason
+Patch0: 0001-tpm_version-avoid-outputting-NULL-bytes-from-tpmVend.patch
+Patch1: 0001-tpm_version-avoid-outputting-undefined-data-on-stder.patch
 %description
 Trusted Computing is a set of specifications published by the Trusted
@@ -89,7 +93,7 @@ This package contains the libraries and headers necessary for developing
 tpm-tools applications.
 %prep
-%setup -q -n %{name}-%{version}
+%autosetup -p1 -n %{name}-%{version}
 %build
 sh bootstrap.sh