- add fix_bad_bufsize.patch: fixes findings from compile time fread() checks

that indicate bad buffer size specification. - add fix_bogus_warning.patch: fixes `maybe-unitialized` warnings that are bogus, since the variables in questions will be initialized in any case later on. OBS-URL: https://build.opensuse.org/package/show/security/tpm2.0-tools?expand=0&rev=55
2019-12-11 13:30:50 +00:00 · 2019-12-11 13:30:50 +00:00 · 2100671155
commit 2100671155
parent 394bb79c04
4 changed files with 94 additions and 0 deletions
--- a/fix_bad_bufsize.patch
+++ b/fix_bad_bufsize.patch
@ -0,0 +1,26 @@
+Index: tpm2-tools-4.1/tools/tpm2_policytemplate.c
+===================================================================
+--- tpm2-tools-4.1.orig/tools/tpm2_policytemplate.c
+++ tpm2-tools-4.1/tools/tpm2_policytemplate.c
+@@ -23,7 +23,7 @@ static tpm2_policytemplate_ctx ctx;
+ 
+ static bool process_input_template_hash(char *value) {
+ 
+-    ctx.template_hash.size = UINT16_MAX;
+    ctx.template_hash.size = sizeof(ctx.template_hash.buffer);
+     bool result = files_load_bytes_from_buffer_or_file_or_stdin(NULL, value,
+             &ctx.template_hash.size, ctx.template_hash.buffer);
+     if (!result) {
+Index: tpm2-tools-4.1/tools/tpm2_policynamehash.c
+===================================================================
+--- tpm2-tools-4.1.orig/tools/tpm2_policynamehash.c
+++ tpm2-tools-4.1/tools/tpm2_policynamehash.c
+@@ -23,7 +23,7 @@ static tpm2_policynamehash_ctx ctx;
+ 
+ static bool process_input_name_hash(char *value) {
+ 
+-    ctx.name_hash.size = UINT16_MAX;
+    ctx.name_hash.size = sizeof(ctx.name_hash.buffer);
+     bool result = files_load_bytes_from_buffer_or_file_or_stdin(NULL, value,
+             &ctx.name_hash.size, ctx.name_hash.buffer);
+     if (!result) {
--- a/fix_bogus_warning.patch
+++ b/fix_bogus_warning.patch
@ -0,0 +1,52 @@
+Index: tpm2-tools-4.1/lib/tpm2_hash.c
+===================================================================
+--- tpm2-tools-4.1.orig/lib/tpm2_hash.c
+++ tpm2-tools-4.1/lib/tpm2_hash.c
+@@ -14,7 +14,7 @@ static tool_rc tpm2_hash_common(ESYS_CON
+         UINT16 inbuffer_len, TPM2B_DIGEST **result,
+         TPMT_TK_HASHCHECK **validation) {
+     bool use_left, done;
+-    unsigned long left;
+    unsigned long left = 0;
+     size_t bytes_read;
+     TPM2B_AUTH null_auth = TPM2B_EMPTY_INIT;
+     TPMI_DH_OBJECT sequence_handle;
+Index: tpm2-tools-4.1/lib/tpm2_attr_util.c
+===================================================================
+--- tpm2-tools-4.1.orig/lib/tpm2_attr_util.c
+++ tpm2-tools-4.1/lib/tpm2_attr_util.c
+@@ -202,7 +202,7 @@ static bool lookup_nt_friendly_name(cons
+ 
+ static bool nt(TPMA_NV *nv, char *arg) {
+ 
+-    uint16_t value;
+    uint16_t value = 0;
+     bool result = tpm2_util_string_to_uint16(arg, &value);
+     if (!result) {
+         result = lookup_nt_friendly_name(arg, &value);
+Index: tpm2-tools-4.1/tools/tpm2_policytemplate.c
+===================================================================
+--- tpm2-tools-4.1.orig/tools/tpm2_policytemplate.c
+++ tpm2-tools-4.1/tools/tpm2_policytemplate.c
+@@ -23,7 +23,7 @@ static tpm2_policytemplate_ctx ctx;
+ 
+ static bool process_input_template_hash(char *value) {
+ 
+-    ctx.template_hash.size = UINT16_MAX;
+    ctx.template_hash.size = sizeof(ctx.template_hash.buffer);
+     bool result = files_load_bytes_from_buffer_or_file_or_stdin(NULL, value,
+             &ctx.template_hash.size, ctx.template_hash.buffer);
+     if (!result) {
+Index: tpm2-tools-4.1/tools/tpm2_policynamehash.c
+===================================================================
+--- tpm2-tools-4.1.orig/tools/tpm2_policynamehash.c
+++ tpm2-tools-4.1/tools/tpm2_policynamehash.c
+@@ -23,7 +23,7 @@ static tpm2_policynamehash_ctx ctx;
+ 
+ static bool process_input_name_hash(char *value) {
+ 
+-    ctx.name_hash.size = UINT16_MAX;
+    ctx.name_hash.size = sizeof(ctx.name_hash.buffer);
+     bool result = files_load_bytes_from_buffer_or_file_or_stdin(NULL, value,
+             &ctx.name_hash.size, ctx.name_hash.buffer);
+     if (!result) {
--- a/tpm2.0-tools.changes
+++ b/tpm2.0-tools.changes
@ -1,3 +1,12 @@
+-------------------------------------------------------------------
+Wed Dec 11 13:29:12 UTC 2019 - matthias.gerstner@suse.com
+
+- add fix_bad_bufsize.patch: fixes findings from compile time fread() checks
+  that indicate bad buffer size specification.
+- add fix_bogus_warning.patch: fixes `maybe-unitialized` warnings that are
+  bogus, since the variables in questions will be initialized in any case
+  later on.
+
 -------------------------------------------------------------------
 Wed Dec 11 12:35:52 UTC 2019 - matthias.gerstner@suse.com

--- a/tpm2.0-tools.spec
+++ b/tpm2.0-tools.spec
@ -24,6 +24,8 @@ License:        BSD-3-Clause
 Group:          Productivity/Security
 Url:            https://github.com/tpm2-software/tpm2-tools/releases
 Source0:        https://github.com/tpm2-software/tpm2-tools/releases/download/%{version}/tpm2-tools-%{version}.tar.gz
+Patch0:         fix_bogus_warning.patch
+Patch1:         fix_bad_bufsize.patch
 BuildRequires:  autoconf-archive
 BuildRequires:  automake
 BuildRequires:  gcc-c++
@ -61,6 +63,8 @@ associated interfaces.

 %prep
 %setup -q -n tpm2-tools-%{version}
+%patch0 -p1
+%patch1 -p1

 %build
 %configure --disable-static
@ -78,5 +82,8 @@ find %{buildroot} -type f -name "*.la" -delete -print
 %doc README.md LICENSE CHANGELOG.md
 /usr/bin/tpm2_*
 %{_mandir}/man1/tpm2_*
+%dir %{_datadir}/bash-completion
+%dir %{_datadir}/bash-completion/completions
+%{_datadir}/bash-completion/completions/*

 %changelog