From 45f5061ef4c8ff569808e83a545f11b531b7fc0db1a7de4461347c8cec0c8630 Mon Sep 17 00:00:00 2001
From: Marcus Meissner
Date: Fri, 18 Jun 2021 14:57:05 +0000
Subject: [PATCH] Accepting request 900773 from home:aplanas:branches:security - Add 0001-tpm2_eventlog-read-eventlog-file-in-chunks.patch to fix the tpm2_eventlog command (boo#1187360)
OBS-URL: https://build.opensuse.org/request/show/900773
OBS-URL: https://build.opensuse.org/package/show/security/tpm2.0-tools?expand=0&rev=78
---
 ...ventlog-read-eventlog-file-in-chunks.patch | 145 ++++++++++++++++++
 tpm2.0-tools.changes | 6 +
 tpm2.0-tools.spec | 2 +
 3 files changed, 153 insertions(+)
 create mode 100644 0001-tpm2_eventlog-read-eventlog-file-in-chunks.patch
diff --git a/0001-tpm2_eventlog-read-eventlog-file-in-chunks.patch b/0001-tpm2_eventlog-read-eventlog-file-in-chunks.patch
new file mode 100644
index 0000000..d29174e
--- /dev/null
+++ b/0001-tpm2_eventlog-read-eventlog-file-in-chunks.patch
@@ -0,0 +1,145 @@
+From b95e41bccc64e488ca9c824e632b8ca5bc87db55 Mon Sep 17 00:00:00 2001
+From: Alberto Planas
+Date: Fri, 18 Jun 2021 15:54:22 +0200
+Subject: [PATCH] tpm2_eventlog: read eventlog file in chunks
+
+The eventlog file lives is securityfs, that do not return the file size.
+The current implementation first try to do a "fseek(fp, 0, SEEK_END)"
+for this file, and this will always return 0.
+
+This generate an error, and tpm2_eventlog exit with:
+
+ERROR: Unable to run tpm2_eventlog
+
+This patch replace the reading logic, now reading in chunks of 16KB and
+reallocating the buffer if needed. Also introduces a new function in
+files.c ("files_read_bytes_chunk") that helps counting the total read
+size, that now is different from the ammount of allocated memory.
+
+Fixes #2775
+
+Signed-off-by: Alberto Planas
+---
+ lib/files.c | 9 +++++++++
+ lib/files.h | 15 ++++++++++++++
+ tools/misc/tpm2_eventlog.c | 40 +++++++++++++++++++-------------------
+ 3 files changed, 44 insertions(+), 20 deletions(-)
+
+diff --git a/lib/files.c b/lib/files.c
+index 884dd23c..7f0fb39f 100644
+--- a/lib/files.c
++++ b/lib/files.c
+@@ -564,6 +564,15 @@ bool files_read_bytes(FILE *out, UINT8 bytes[], size_t len) {
+ return (readx(out, bytes, len) == len);
+ }
+
++bool files_read_bytes_chunk(FILE *out, UINT8 bytes[], size_t len, size_t *read_len) {
++
++ BAIL_ON_NULL("FILE", out);
++ BAIL_ON_NULL("bytes", bytes);
++ size_t chunk_len = readx(out, bytes, len);
++ *read_len += chunk_len;
++ return (chunk_len == len);
++}
++
+ bool files_write_bytes(FILE *out, uint8_t bytes[], size_t len) {
+
+ BAIL_ON_NULL("FILE", out);
+diff --git a/lib/files.h b/lib/files.h
+index 33022cbd..684b7eef 100644
+--- a/lib/files.h
++++ b/lib/files.h
+@@ -571,6 +571,21 @@ bool files_read_64(FILE *out, UINT64 *data);
+ */
+ bool files_read_bytes(FILE *out, UINT8 data[], size_t size);
+
++/**
++ * Reads len bytes from a file and set the read length.
++ * @param out
++ * The file to read from.
++ * @param data
++ * The buffer to read into, only valid on a True return.
++ * @param size
++ * The number of bytes to read.
++ * @param read_size
++ * Total number of bytes readed.
++ * @return
++ * True on success, False otherwise.
++ */
++bool files_read_bytes_chunk(FILE *out, UINT8 data[], size_t size, size_t *read_size);
++
+ /**
+ * Converts a TPM2B_ATTEST to a TPMS_ATTEST using libmu.
+ * @param quoted
+diff --git a/tools/misc/tpm2_eventlog.c b/tools/misc/tpm2_eventlog.c
+index b51089bd..64ce6add 100644
+--- a/tools/misc/tpm2_eventlog.c
++++ b/tools/misc/tpm2_eventlog.c
+@@ -12,6 +12,8 @@
+ #include "tpm2_eventlog_yaml.h"
+ #include "tpm2_tool.h"
+
++#define CHUNK_SIZE 16384
++
+ static char *filename = NULL;
+
+ /* Set the default YAML version */
+@@ -72,37 +74,35 @@ static tool_rc tpm2_tool_onrun(ESYS_CONTEXT *ectx, tpm2_option_flags flags) {
+ return tool_rc_option_error;
+ }
+
+- /* Get file size */
+- unsigned long size = 0;
+- bool ret = files_get_file_size_path(filename, &size);
+- if (!ret || !size) {
++ /* Read the file in chunks. Usually the file will reside in
++ securityfs, and those files do not have a public file size */
++ tool_rc rc = tool_rc_success;
++ FILE *fileptr = fopen(filename, "rb");
++ if (!fileptr) {
+ return tool_rc_general_error;
+ }
+
+- /* Allocate buffer to read file data */
+- UINT8 *eventlog = calloc(1, size);
++ /* Reserve the buffer for the first chunk */
++ UINT8 *eventlog = calloc(1, CHUNK_SIZE);
+ if (eventlog == NULL){
+- LOG_ERR("failed to allocate %lu bytes: %s", size, strerror(errno));
++ LOG_ERR("failed to allocate %d bytes: %s", CHUNK_SIZE, strerror(errno));
+ return tool_rc_general_error;
+ }
+
+- /* Load buffer with file data */
+- tool_rc rc = tool_rc_success;
+- FILE *fileptr = fopen(filename, "rb");
+- if (!fileptr) {
+- rc = tool_rc_general_error;
+- goto out;
++ unsigned long size = 0;
++ while (files_read_bytes_chunk(fileptr, eventlog, CHUNK_SIZE, &size)) {
++ UINT8 *eventlog_tmp = realloc(eventlog, size + CHUNK_SIZE);
++ if (eventlog_tmp == NULL){
++ LOG_ERR("failed to allocate %lu bytes: %s", size + CHUNK_SIZE, strerror(errno));
++ rc = tool_rc_general_error;
++ goto out;
++ }
++ eventlog = eventlog_tmp;
+ }
+-
+- ret = files_read_bytes(fileptr, eventlog, size);
+ fclose(fileptr);
+- if (!ret) {
+- rc = tool_rc_general_error;
+- goto out;
+- }
+
+ /* Parse eventlog data */
+- ret = yaml_eventlog(eventlog, size, eventlog_version);
++ bool ret = yaml_eventlog(eventlog, size, eventlog_version);
+ if (!ret) {
+ LOG_ERR("failed to parse tpm2 eventlog");
+ rc = tool_rc_general_error;
+--
+2.32.0
+
diff --git a/tpm2.0-tools.changes b/tpm2.0-tools.changes
index 20c7a11..67d02bb 100644
--- a/tpm2.0-tools.changes
+++ b/tpm2.0-tools.changes
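Review bot: In the tpm2_eventlog.c part of the added patch, `while (files_read_bytes_chunk(fileptr, eventlog, CHUNK_SIZE, &size))` reads every chunk into the start of `eventlog`, so for an event log longer than one 16 KB chunk each read overwrites the previous one while `size` keeps growing. `yaml_eventlog(eventlog, size, eventlog_version)` is then handed `size` bytes of which everything past the first chunk is unwritten `realloc` memory, so the decoded measured-boot log can be wrong and may echo stale heap contents. The read should land at the current offset: `while (files_read_bytes_chunk(fileptr, eventlog + size, CHUNK_SIZE, &size)) {`. Separately, the `calloc` failure return and the `goto out` on `realloc` failure both leave `fileptr` open unless the `out:` label, which lies outside the hunk, closes it. A short read caused by an I/O error is also indistinguishable from end of file, so an `ferror(fileptr)` check before `fclose(fileptr)` would keep a truncated log from being parsed as if it were complete.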
@@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Fri Jun 18 14:44:25 UTC 2021 - Alberto Planas Dominguez
+
+- Add 0001-tpm2_eventlog-read-eventlog-file-in-chunks.patch to fix the
+ tpm2_eventlog command (boo#1187360)
+
 -------------------------------------------------------------------
 Thu Jun 17 09:26:42 UTC 2021 - Alberto Planas Dominguez
diff --git a/tpm2.0-tools.spec b/tpm2.0-tools.spec
index e2baf54..cb9f1aa 100644
--- a/tpm2.0-tools.spec
+++ b/tpm2.0-tools.spec
@@ -27,6 +27,7 @@ Source0: https://github.com/tpm2-software/tpm2-tools/releases/download/%{
 Patch0: fix_bogus_warning.patch
 Patch1: 0001-tpm2_import-fix-fixed-AES-key-CVE-2021-3565.patch
 Patch2: 0001-tpm2_checkquote-fix-uninitialized-variable.patch
+Patch3: 0001-tpm2_eventlog-read-eventlog-file-in-chunks.patch
 BuildRequires: autoconf-archive
 BuildRequires: automake
 BuildRequires: gcc-c++
@@ -70,6 +71,7 @@ associated interfaces.
 %patch0 -p1
 %patch1 -p1
 %patch2 -p1
+%patch3 -p1
 %build
 # TODO: remove autoreconf once fix_pie_linking patch is no longer needed