diff --git a/examples/attestation/activate_credential.c b/examples/attestation/activate_credential.c index d83d8ba7..70bb404f 100644 --- a/examples/attestation/activate_credential.c +++ b/examples/attestation/activate_credential.c @@ -192,6 +192,20 @@ int TPM2_ActivateCredential_Example(void* userCtx, int argc, char *argv[]) } printf("Read credential blob and secret from %s, %d bytes\n", input, dataSize); + /* Validate sizes from file data to prevent buffer overrun */ + if (activCredIn.credentialBlob.size > + sizeof(activCredIn.credentialBlob.buffer)) { + printf("Credential blob size %d exceeds buffer\n", + activCredIn.credentialBlob.size); + rc = BAD_FUNC_ARG; + goto exit; + } + if (activCredIn.secret.size > sizeof(activCredIn.secret.secret)) { + printf("Secret size %d exceeds buffer\n", + activCredIn.secret.size); + rc = BAD_FUNC_ARG; + goto exit; + } #else printf("Can not load credential. File support not enabled\n"); goto exit; diff --git a/examples/attestation/make_credential.c b/examples/attestation/make_credential.c index 5a9ac64a..fbea8a44 100644 --- a/examples/attestation/make_credential.c +++ b/examples/attestation/make_credential.c @@ -156,6 +156,11 @@ int TPM2_MakeCredential_Example(void* userCtx, int argc, char *argv[]) wolfTPM2_GetRandom(&dev, makeCredIn.credential.buffer, makeCredIn.credential.size); /* Set the object name */ + if (name.size > sizeof(makeCredIn.objectName.name)) { + printf("Name size %d exceeds buffer\n", name.size); + rc = BAD_FUNC_ARG; + goto exit; + } makeCredIn.objectName.size = name.size; XMEMCPY(makeCredIn.objectName.name, name.name, makeCredIn.objectName.size); diff --git a/examples/pcr/extend.c b/examples/pcr/extend.c index 69cb78df..d1b288c2 100644 --- a/examples/pcr/extend.c +++ b/examples/pcr/extend.c @@ -74,6 +74,7 @@ int TPM2_PCR_Extend_Test(void* userCtx, int argc, char *argv[]) BYTE dataBuffer[1024]; enum wc_HashType hashType; wc_HashAlg dig; + int hashInitialized = 0; #endif union { 
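Review bot: The two new guards bound each declared `size` against its destination buffer, but nothing in the hunk ties those sizes to `dataSize`, the byte count the line above says was actually read from the file, so a truncated or hand-edited file whose declared sizes exceed what was read would still pass and the command may carry whatever bytes the struct held beyond the read. If the file is read straight into `activCredIn` (the message suggests so, but the read itself is above the hunk), add a consistency check after the two size checks along the lines of `if ((size_t)activCredIn.credentialBlob.size + activCredIn.secret.size > (size_t)dataSize) { rc = BAD_FUNC_ARG; goto exit; }`, adjusted to the file's actual layout including any size headers. Rejecting inconsistent input here matters because the blob and secret are attacker-controllable file data that go on to the TPM. TPM2_ActivateCredential_Example starts and ends outside the hunk.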
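Review bot: The new name-size guard sits directly after a `wolfTPM2_GetRandom(&dev, makeCredIn.credential.buffer, makeCredIn.credential.size)` call whose return value is discarded, so if the TPM fails to supply random bytes the example goes on to wrap whatever the credential buffer already held; that buffer is the secret the credential is meant to protect and deserves at least the same care as the bounds check. Assign and test the result the way the added code does for the name, `rc = wolfTPM2_GetRandom(&dev, makeCredIn.credential.buffer, makeCredIn.credential.size); if (rc != 0) goto exit;`, assuming it returns the usual wolfTPM rc (its prototype is not in the hunk). TPM2_MakeCredential_Example starts and ends outside the hunk.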
@@ -153,15 +154,24 @@ int TPM2_PCR_Extend_Test(void* userCtx, int argc, char *argv[]) if (fp != XBADFILE) { rc = TPM2_GetHashType(alg); hashType = (enum wc_HashType)rc; - wc_HashInit(&dig, hashType); - while (!XFEOF(fp)) { + rc = wc_HashInit(&dig, hashType); + if (rc == 0) + hashInitialized = 1; + while (rc == 0 && !XFEOF(fp)) { len = XFREAD(dataBuffer, 1, sizeof(dataBuffer), fp); if (len > 0) { - wc_HashUpdate(&dig, hashType, dataBuffer, (int)len); + rc = wc_HashUpdate(&dig, hashType, dataBuffer, (int)len); } } XFCLOSE(fp); - wc_HashFinal(&dig, hashType, hash); + if (rc == 0) + rc = wc_HashFinal(&dig, hashType, hash); + if (hashInitialized) + wc_HashFree(&dig, hashType); + if (rc != 0) { + printf("Hash operation failed %d\n", rc); + goto exit; + } XMEMCPY(cmdIn.pcrExtend.digests.digests[0].digest.H, hash, hashSz); diff --git a/src/tpm2_linux.c b/src/tpm2_linux.c index 591953d5..cf3dc7cb 100644 --- a/src/tpm2_linux.c +++ b/src/tpm2_linux.c @@ -144,17 +144,16 @@ int TPM2_LINUX_SendCommand(TPM2_CTX* ctx, TPM2_Packet* packet) rspSz = (int)ret; rc = TPM_RC_SUCCESS; } - else if (ret == 0) { - #ifdef DEBUG_WOLFTPM - printf("Received EOF(0) from %s: errno %d = %s\n", - TPM2_LINUX_DEV, errno, strerror(errno)); - #endif - rc = TPM_RC_FAILURE; - } else { #ifdef DEBUG_WOLFTPM - printf("Failed to read from %s: errno %d = %s\n", - TPM2_LINUX_DEV, errno, strerror(errno)); + if (ret == 0) { + printf("Received EOF from %s\n", TPM2_LINUX_DEV); + } + else { + printf("Failed to read from %s (ret %zd):" + " errno %d = %s\n", TPM2_LINUX_DEV, ret, + errno, strerror(errno)); + } #endif rc = TPM_RC_FAILURE; } diff --git a/src/tpm2_param_enc.c b/src/tpm2_param_enc.c index 090206af..571052c9 100644 --- a/src/tpm2_param_enc.c +++ b/src/tpm2_param_enc.c 
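Review bot: The rewritten read loop `while (rc == 0 && !XFEOF(fp))` still spins if `XFREAD` returns 0 without the end-of-file indicator being set, which is what a stream read error does (`ferror`, not `feof`): `len` is 0, the `if (len > 0)` body is skipped, `rc` stays 0 and the loop repeats. Treat a zero-length read as the end of input, e.g. change the inner branch to `if (len > 0) { rc = wc_HashUpdate(&dig, hashType, dataBuffer, (int)len); } else { break; }`, or set `rc` to an error there if this port layer has an XFERROR macro (I cannot see one from here). Also, `rc = TPM2_GetHashType(alg)` is reused as the hash type without checking for a failure value; if it can return one, it reaches `wc_HashInit` as a bogus type, which the new `rc = wc_HashInit(...)` check would at least now catch. TPM2_PCR_Extend_Test starts and ends outside the hunk.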
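Review bot: The new `ret == 0` branch drops errno from the message but gives no hint why, and a reader of the debug output will still wonder what "EOF" from a TPM character device means; a short why-comment on the `if (ret == 0) {` line would help, such as `/* read() returned 0: the device delivered no response bytes; errno is not meaningful on EOF */`. Note that `%zd` assumes `ret` is `ssize_t`, which is consistent with a `read()` result but its declaration is above the hunk. TPM2_LINUX_SendCommand starts and ends outside the hunk.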
@@ -209,6 +209,14 @@ static int TPM2_ParamEnc_XOR(TPM2_AUTH_SESSION *session, TPM2B_AUTH* sessKey, return BUFFER_E; } + /* Validate source key sizes to prevent overrun of source buffers */ + if (sessKey->size > sizeof(sessKey->buffer)) { + return BUFFER_E; + } + if (bindKey != NULL && bindKey->size > sizeof(bindKey->buffer)) { + return BUFFER_E; + } + /* Validate key sizes before copy to prevent buffer overflow */ if (sessKey->size + bindKeySz > sizeof(keyIn.buffer)) { return BUFFER_E; @@ -264,6 +272,14 @@ static int TPM2_ParamDec_XOR(TPM2_AUTH_SESSION *session, TPM2B_AUTH* sessKey, return BUFFER_E; } + /* Validate source key sizes to prevent overrun of source buffers */ + if (sessKey->size > sizeof(sessKey->buffer)) { + return BUFFER_E; + } + if (bindKey != NULL && bindKey->size > sizeof(bindKey->buffer)) { + return BUFFER_E; + } + /* Validate key sizes before copy to prevent buffer overflow */ if (sessKey->size + bindKeySz > sizeof(keyIn.buffer)) { return BUFFER_E; @@ -321,6 +337,14 @@ static int TPM2_ParamEnc_AESCFB(TPM2_AUTH_SESSION *session, TPM2B_AUTH* sessKey, return BUFFER_E; } + /* Validate source key sizes to prevent overrun of source buffers */ + if (sessKey->size > sizeof(sessKey->buffer)) { + return BUFFER_E; + } + if (bindKey != NULL && bindKey->size > sizeof(bindKey->buffer)) { + return BUFFER_E; + } + /* Validate key sizes before copy to prevent buffer overflow */ if (sessKey->size + bindKeySz > sizeof(keyIn.buffer)) { return BUFFER_E; @@ -387,6 +411,14 @@ static int TPM2_ParamDec_AESCFB(TPM2_AUTH_SESSION *session, TPM2B_AUTH* sessKey, return BUFFER_E; } + /* Validate source key sizes to prevent overrun of source buffers */ + if (sessKey->size > sizeof(sessKey->buffer)) { + return BUFFER_E; + } + if (bindKey != NULL && bindKey->size > sizeof(bindKey->buffer)) { + return BUFFER_E; + } + /* Validate key sizes before copy to prevent buffer overflow */ if (sessKey->size + bindKeySz > sizeof(keyIn.buffer)) { return BUFFER_E; 
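Review bot: The same eight-line source-size guard is now pasted into all four of TPM2_ParamEnc_XOR, TPM2_ParamDec_XOR, TPM2_ParamEnc_AESCFB and TPM2_ParamDec_AESCFB, immediately ahead of the equally duplicated `sessKey->size + bindKeySz > sizeof(keyIn.buffer)` check, so any future tightening (a NULL check on `sessKey`, a different bound) has to be made in four places and can drift. Factor it into one static helper and call it from each function, `rc = TPM2_ParamEnc_CheckKeys(sessKey, bindKey); if (rc != 0) return rc;`, keeping the combined-length check where it is. Whether `sessKey` can be NULL here is decided above the hunks, so the helper below only hedges it; the overrun it prevents is the one the hunk's own comment describes. All four enclosing functions start and end outside their hunks.
```c
/* Reject a TPM2B_AUTH whose declared size exceeds its own buffer; such a
 * value can only come from a corrupted session or bind key and would let the
 * copy that follows read past the source. Returns 0 or BUFFER_E. */
static int TPM2_ParamEnc_CheckKeys(const TPM2B_AUTH* sessKey,
    const TPM2B_AUTH* bindKey)
{
    if (sessKey == NULL || sessKey->size > sizeof(sessKey->buffer)) {
        return BUFFER_E;
    }
    if (bindKey != NULL && bindKey->size > sizeof(bindKey->buffer)) {
        return BUFFER_E;
    }
    return 0;
}
```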
diff --git a/src/tpm2_wrap.c b/src/tpm2_wrap.c index dc6cfdb1..1580c55c 100644 --- a/src/tpm2_wrap.c +++ b/src/tpm2_wrap.c @@ -123,7 +123,9 @@ static int wolfTPM2_Init_ex(TPM2_CTX* ctx, TPM2HalIoCb ioCb, void* userCtx, rc = TPM2_Init_ex(ctx, ioCb, userCtx, timeoutTries); #endif if (rc != TPM_RC_SUCCESS) { + #ifdef DEBUG_WOLFTPM printf("TPM2_Init failed 0x%x: %s\n", rc, wolfTPM2_GetRCString(rc)); + #endif return rc; } #ifdef DEBUG_WOLFTPM