RPM Package Manager, CVS Repository http://rpm5.org/cvs/ ____________________________________________________________________________
Server: rpm5.org Name: Jeff Johnson Root: /v/rpm/cvs Email: j...@rpm5.org Module: libtpm Date: 22-Sep-2013 00:13:06 Branch: HEAD Handle: 2013092122130600 Modified files: libtpm/libtpm/lib hmac.c keyswap.c tpmutil.c transport.c Log: - coverity fixes. Summary: Revision Changes Path 1.5 +48 -18 libtpm/libtpm/lib/hmac.c 1.5 +2 -1 libtpm/libtpm/lib/keyswap.c 1.7 +239 -123 libtpm/libtpm/lib/tpmutil.c 1.6 +2 -0 libtpm/libtpm/lib/transport.c ____________________________________________________________________________ patch -p0 <<'@@ .' Index: libtpm/libtpm/lib/hmac.c ============================================================================ $ cvs diff -u -r1.4 -r1.5 hmac.c --- libtpm/libtpm/lib/hmac.c 1 Sep 2013 18:20:20 -0000 1.4 +++ libtpm/libtpm/lib/hmac.c 21 Sep 2013 22:13:06 -0000 1.5 @@ -93,8 +93,10 @@ if (dlen == 0) break; dpos = (unsigned int) va_arg(argp, unsigned int); - if (dpos + dlen > tb->used) - return ERR_BUFFER; + if (dpos + dlen > tb->used) { + ret = ERR_BUFFER; + goto exit; + } SHA1_Update(&sha, buffer + dpos, dlen); } va_end(argp); @@ -102,9 +104,15 @@ TSS_rawhmac(testhmac, key, keylen, TPM_HASH_SIZE, paramdigest, TPM_NONCE_SIZE, enonce, TPM_NONCE_SIZE, ononce, 1, continueflag, 0, 0); - if (memcmp(testhmac, authdata, TPM_HASH_SIZE) != 0) - return ERR_HMAC_FAIL; - return 0; + if (memcmp(testhmac, authdata, TPM_HASH_SIZE) != 0) { + ret = ERR_HMAC_FAIL; + goto exit; + } + ret = 0; + +exit: + va_end(argp); + return ret; } uint32_t TSS_checkhmac1New(const struct tpm_buffer * tb, uint32_t command, @@ -249,8 +257,10 @@ if (dlen == 0) break; dpos = (unsigned int) va_arg(argp, unsigned int); - if (dpos + dlen > tb->used) - return ERR_BUFFER; + if (dpos + dlen > tb->used) { + ret = ERR_BUFFER; + goto exit; + } SHA1_Update(&sha, buffer + dpos, dlen); } SHA1_Final(paramdigest, &sha); @@ -260,11 +270,19 @@ TSS_rawhmac(testhmac2, key2, keylen2, TPM_HASH_SIZE, paramdigest, TPM_NONCE_SIZE, enonce2, TPM_NONCE_SIZE, ononce2, 1, continueflag2, 0, 0); - if (memcmp(testhmac1, authdata1, TPM_HASH_SIZE) != 0) - return ERR_HMAC_FAIL; - if (memcmp(testhmac2, authdata2, TPM_HASH_SIZE) != 0) - return ERR_HMAC_FAIL; - return 0; + if (memcmp(testhmac1, authdata1, TPM_HASH_SIZE) != 0) { + ret = ERR_HMAC_FAIL; + goto exit; + } + if (memcmp(testhmac2, authdata2, TPM_HASH_SIZE) != 0) { + ret = ERR_HMAC_FAIL; + goto exit; + } + ret = 0; + +exit: + va_end(argp); + return ret; } /****************************************************************************/ @@ -300,6 +318,7 @@ unsigned int dlen; unsigned char *data; unsigned char c; + uint32_t ret; va_list argp; @@ -313,17 +332,22 @@ if (dlen == 0) break; data = (unsigned char *) va_arg(argp, unsigned char *); - if (data == NULL) - return ERR_NULL_ARG; + if (data == NULL) { + ret = ERR_NULL_ARG; + goto exit; + } SHA1_Update(&sha, data, dlen); } - va_end(argp); SHA1_Final(paramdigest, &sha); TSS_rawhmac(digest, key, keylen, TPM_HASH_SIZE, paramdigest, TPM_NONCE_SIZE, h1, TPM_NONCE_SIZE, h2, 1, &c, 0, 0); - return 0; + ret = 0; + +exit: + va_end(argp); + return ret; } /****************************************************************************/ @@ -353,6 +377,7 @@ unsigned int dlen; unsigned char *data; va_list argp; + uint32_t ret; #ifdef HAVE_HMAC_CTX_CLEANUP HMAC_CTX_init(&hmac); @@ -365,8 +390,10 @@ if (dlen == 0) break; data = (unsigned char *) va_arg(argp, unsigned char *); - if (data == NULL) - return ERR_NULL_ARG; + if (data == NULL) { + ret = ERR_NULL_ARG; + goto exit; + } HMAC_Update(&hmac, data, dlen); } HMAC_Final(&hmac, digest, &dlen); @@ -376,6 +403,9 @@ #else HMAC_cleanup(&hmac); #endif + ret = 0; + +exit: va_end(argp); return 0; } @@ . patch -p0 <<'@@ .' Index: libtpm/libtpm/lib/keyswap.c ============================================================================ $ cvs diff -u -r1.4 -r1.5 keyswap.c --- libtpm/libtpm/lib/keyswap.c 1 Sep 2013 18:20:20 -0000 1.4 +++ libtpm/libtpm/lib/keyswap.c 21 Sep 2013 22:13:06 -0000 1.5 @@ -61,7 +61,8 @@ { char buffer[200]; char *inst = getenv("TPM_INSTANCE"); - sprintf(buffer, "/tmp/.key-%08X-%s", keyhandle, inst); + snprintf(buffer, sizeof(buffer), "/tmp/.key-%08X-%s", keyhandle, inst); + buffer[sizeof(buffer)-1] = '\0'; return strdup(buffer); } @@ . patch -p0 <<'@@ .' Index: libtpm/libtpm/lib/tpmutil.c ============================================================================ $ cvs diff -u -r1.6 -r1.7 tpmutil.c --- libtpm/libtpm/lib/tpmutil.c 21 Sep 2013 22:05:06 -0000 1.6 +++ libtpm/libtpm/lib/tpmutil.c 21 Sep 2013 22:13:06 -0000 1.7 @@ -381,6 +381,7 @@ unsigned char *buffer = tb->buffer; unsigned int start = tb->used; int dummy; + int ret; va_start(argp, tb); totpos = 0; @@ -394,10 +395,14 @@ break; case 'L': case 'X': - if (hexflag) - return ERR_BAD_ARG; - if (totlen + 4 >= tb->size) - return ERR_BUFFER; + if (hexflag) { + ret = ERR_BAD_ARG; + goto exit; + } + if (totlen + 4 >= tb->size) { + ret = ERR_BUFFER; + goto exit; + } byte = 0; l = (unsigned long) va_arg(argp, unsigned long); STORE32(o, 0, l); @@ -407,10 +412,14 @@ totlen += TPM_U32_SIZE; break; case 'S': - if (hexflag) - return ERR_BAD_ARG; - if (totlen + 2 >= tb->size) - return ERR_BUFFER; + if (hexflag) { + ret = ERR_BAD_ARG; + goto exit; + } + if (totlen + 2 >= tb->size) { + ret = ERR_BUFFER; + goto exit; + } byte = 0; s = (unsigned short) va_arg(argp, int); STORE16(o, 0, s); @@ -418,10 +427,14 @@ totlen += TPM_U16_SIZE; break; case 'l': - if (hexflag) - return ERR_BAD_ARG; - if (totlen + 4 >= tb->size) - return ERR_BUFFER; + if (hexflag) { + ret = ERR_BAD_ARG; + goto exit; + } + if (totlen + 4 >= tb->size) { + ret = ERR_BUFFER; + goto exit; + } byte = 0; l = (unsigned long) va_arg(argp, unsigned long); STORE32N(o, 0, l); @@ -429,10 +442,14 @@ totlen += TPM_U32_SIZE; break; case 's': - if (hexflag) - return ERR_BAD_ARG; - if (totlen + 2 >= tb->size) - return ERR_BUFFER; + if (hexflag) { + ret = ERR_BAD_ARG; + goto exit; + } + if (totlen + 2 >= tb->size) { + ret = ERR_BUFFER; + goto exit; + } byte = 0; s = (unsigned short) va_arg(argp, int); STORE16N(o, 0, s); @@ -440,10 +457,14 @@ totlen += TPM_U16_SIZE; break; case 'o': - if (hexflag) - return ERR_BAD_ARG; - if (totlen + 1 >= tb->size) - return ERR_BUFFER; + if (hexflag) { + ret = ERR_BAD_ARG; + goto exit; + } + if (totlen + 1 >= tb->size) { + ret = ERR_BUFFER; + goto exit; + } byte = 0; c = (unsigned char) va_arg(argp, int); *(o) = c; @@ -452,15 +473,21 @@ break; case '@': case '*': - if (hexflag) - return ERR_BAD_ARG; + if (hexflag) { + ret = ERR_BAD_ARG; + goto exit; + } byte = 0; len = (int) va_arg(argp, int); - if (totlen + 4 + len >= tb->size) - return ERR_BUFFER; + if (totlen + 4 + len >= tb->size) { + ret = ERR_BUFFER; + goto exit; + } ptr = (unsigned char *) va_arg(argp, unsigned char *); - if (len > 0 && ptr == NULL) - return ERR_NULL_ARG; + if (len > 0 && ptr == NULL) { + ret = ERR_NULL_ARG; + goto exit; + } STORE32(o, 0, len); o += TPM_U32_SIZE; if (len > 0) @@ -469,15 +496,21 @@ totlen += len + TPM_U32_SIZE; break; case '&': - if (hexflag) - return ERR_BAD_ARG; + if (hexflag) { + ret = ERR_BAD_ARG; + goto exit; + } byte = 0; len16 = (uint16_t) va_arg(argp, int); - if (totlen + 2 + len16 >= tb->size) - return ERR_BUFFER; + if (totlen + 2 + len16 >= tb->size) { + ret = ERR_BUFFER; + goto exit; + } ptr = (unsigned char *) va_arg(argp, unsigned char *); - if (len16 > 0 && ptr == NULL) - return ERR_NULL_ARG; + if (len16 > 0 && ptr == NULL) { + ret = ERR_NULL_ARG; + goto exit; + } STORE16(o, 0, len16); o += TPM_U16_SIZE; if (len16 > 0) @@ -486,25 +519,35 @@ totlen += len16 + TPM_U16_SIZE; break; case '%': - if (hexflag) - return ERR_BAD_ARG; + if (hexflag) { + ret = ERR_BAD_ARG; + goto exit; + } byte = 0; len = (int) va_arg(argp, int); - if (totlen + len >= tb->size) - return ERR_BUFFER; + if (totlen + len >= tb->size) { + ret = ERR_BUFFER; + goto exit; + } ptr = (unsigned char *) va_arg(argp, unsigned char *); - if (len > 0 && ptr == NULL) - return ERR_NULL_ARG; + if (len > 0 && ptr == NULL) { + ret = ERR_NULL_ARG; + goto exit; + } if (len > 0) memcpy(o, ptr, len); o += len; totlen += len; break; case 'T': - if (hexflag) - return ERR_BAD_ARG; - if (totlen + 4 >= tb->size) - return ERR_BUFFER; + if (hexflag) { + ret = ERR_BAD_ARG; + goto exit; + } + if (totlen + 4 >= tb->size) { + ret = ERR_BUFFER; + goto exit; + } byte = 0; totpos = o; o += TPM_U32_SIZE; @@ -520,8 +563,10 @@ case '7': case '8': case '9': - if (totlen + 1 >= tb->size) - return ERR_BUFFER; + if (totlen + 1 >= tb->size) { + ret = ERR_BUFFER; + goto exit; + } byte = byte << 4; byte = byte | ((*p - '0') & 0x0F); if (hexflag) { @@ -538,8 +583,10 @@ case 'D': case 'E': case 'F': - if (totlen + 1 >= tb->size) - return ERR_BUFFER; + if (totlen + 1 >= tb->size) { + ret = ERR_BUFFER; + goto exit; + } byte = byte << 4; byte = byte | (((*p - 'A') & 0x0F) + 0x0A); if (hexflag) { @@ -556,8 +603,10 @@ case 'd': case 'e': case 'f': - if (totlen + 1 >= tb->size) - return ERR_BUFFER; + if (totlen + 1 >= tb->size) { + ret = ERR_BUFFER; + goto exit; + } byte = byte << 4; byte = byte | (((*p - 'a') & 0x0F) + 0x0A); if (hexflag) { @@ -573,17 +622,23 @@ /* parameters: address of length indicator, maximum number of bytes address of buffer */ - if (hexflag) - return ERR_BAD_ARG; + if (hexflag) { + ret = ERR_BAD_ARG; + goto exit; + } byte = 0; len16 = (uint16_t) va_arg(argp, int); dummy = va_arg(argp, int); dummy = dummy; /* make compiler happy */ - if (totlen + len16 >= tb->size) - return ERR_BUFFER; + if (totlen + len16 >= tb->size) { + ret = ERR_BUFFER; + goto exit; + } ptr = (unsigned char *) va_arg(argp, unsigned char *); - if (len16 > 0 && ptr == NULL) - return ERR_NULL_ARG; + if (len16 > 0 && ptr == NULL) { + ret = ERR_NULL_ARG; + goto exit; + } STORE16(o, 0, len16); o += TPM_U16_SIZE; if (len16 > 0) @@ -596,16 +651,22 @@ /* parameters: address of length indicator, maximum number of bytes address of buffer */ - if (hexflag) - return ERR_BAD_ARG; + if (hexflag) { + ret = ERR_BAD_ARG; + goto exit; + } byte = 0; len = va_arg(argp, int); dummy = va_arg(argp, int); - if (totlen + len >= tb->size) - return ERR_BUFFER; + if (totlen + len >= tb->size) { + ret = ERR_BUFFER; + goto exit; + } ptr = (unsigned char *) va_arg(argp, unsigned char *); - if (len > 0 && ptr == NULL) - return ERR_NULL_ARG; + if (len > 0 && ptr == NULL) { + ret = ERR_NULL_ARG; + goto exit; + } STORE32(o, 0, len); o += TPM_U32_SIZE; if (len > 0) @@ -619,16 +680,22 @@ /* parameters: address of length indicator, maximum number of bytes address of buffer */ - if (hexflag) - return ERR_BAD_ARG; + if (hexflag) { + ret = ERR_BAD_ARG; + goto exit; + } byte = 0; len = va_arg(argp, int); dummy = va_arg(argp, int); - if (totlen + len >= tb->size) - return ERR_BUFFER; + if (totlen + len >= tb->size) { + ret = ERR_BUFFER; + goto exit; + } ptr = (unsigned char *) va_arg(argp, unsigned char *); - if (len > 0 && ptr == NULL) - return ERR_NULL_ARG; + if (len > 0 && ptr == NULL) { + ret = ERR_NULL_ARG; + goto exit; + } STORE32(o, 0, len); o += TPM_U32_SIZE; totlen += TPM_U32_SIZE + len; @@ -639,13 +706,14 @@ } break; default: - return ERR_BAD_ARG; + ret = ERR_BAD_ARG; + goto exit; + break; } ++p; } if (totpos != 0) STORE32(totpos, 0, totlen); - va_end(argp); #ifdef DEBUG printf("buildbuff results...\n"); for (i = 0; i < totlen; i++) { @@ -656,7 +724,11 @@ printf("\n"); #endif tb->used = totlen; - return totlen - start; + ret = totlen - start; + +exit: + va_end(argp); + return ret; } int TSS_parsebuff(char *format, const struct tpm_buffer *tb, @@ -689,7 +761,7 @@ l = (uint32_t *) va_arg(argp, unsigned long *); ret = tpm_buffer_load32(tb, offset, l); if ((ret & ERR_MASK)) - return ret; + goto exit; offset += TPM_U32_SIZE; break; case 'X': @@ -698,33 +770,35 @@ l = (uint32_t *) va_arg(argp, unsigned long *); ret = tpm_buffer_load32(tb, offset, l); if ((ret & ERR_MASK)) - return ret; + goto exit; offset += TPM_U32_SIZE; break; case 'S': s = (uint16_t *) va_arg(argp, int *); ret = tpm_buffer_load16(tb, offset, s); if ((ret & ERR_MASK)) - return ret; + goto exit; offset += TPM_U16_SIZE; break; case 'l': l = (uint32_t *) va_arg(argp, unsigned long *); ret = tpm_buffer_load32N(tb, offset, l); if ((ret & ERR_MASK)) - return ret; + goto exit; offset += TPM_U32_SIZE; break; case 's': s = (uint16_t *) va_arg(argp, int *); ret = tpm_buffer_load16N(tb, offset, s); if ((ret & ERR_MASK)) - return ret; + goto exit; offset += TPM_U16_SIZE; break; case 'o': - if (offset + 1 > tb->used) - return ERR_BUFFER; + if (offset + 1 > tb->used) { + ret = ERR_BUFFER; + goto exit; + } c = (unsigned char *) va_arg(argp, unsigned char *); *c = tb->buffer[offset]; offset += 1; @@ -733,13 +807,17 @@ len = (uint32_t *) va_arg(argp, int *); ret = tpm_buffer_load32(tb, offset, len); if ((ret & ERR_MASK)) - return ret; + goto exit; offset += 4; ptr = (unsigned char *) va_arg(argp, unsigned char *); - if (*len > 0 && ptr == NULL) - return -3; - if (offset + *len > tb->used) - return ERR_BUFFER; + if (*len > 0 && ptr == NULL) { + ret = -3; + goto exit; + } + if (offset + *len > tb->used) { + ret = ERR_BUFFER; + goto exit; + } if (*len > 0) memcpy(ptr, &tb->buffer[offset], *len); offset += *len; @@ -749,17 +827,23 @@ len = (uint32_t *) va_arg(argp, int *); ret = tpm_buffer_load32(tb, offset, len); if ((ret & ERR_MASK)) - return ret; + goto exit; offset += 4; pptr = (unsigned char **) va_arg(argp, unsigned char **); - if (*len > 0 && pptr == NULL) - return -3; - if (offset + *len > tb->used) - return ERR_BUFFER; + if (*len > 0 && pptr == NULL) { + ret = -3; + goto exit; + } + if (offset + *len > tb->used) { + ret = ERR_BUFFER; + goto exit; + } if (*len > 0) { buf = malloc(*len); - if (buf == NULL) - return ERR_MEM_ERR; + if (buf == NULL) { + ret = ERR_MEM_ERR; + goto exit; + } *pptr = buf; memcpy(buf, &tb->buffer[offset], *len); } @@ -770,17 +854,23 @@ len16 = (uint16_t *) va_arg(argp, uint16_t *); ret = tpm_buffer_load16(tb, offset, len16); if ((ret & ERR_MASK)) - return ret; + goto exit; offset += 2; pptr = (unsigned char **) va_arg(argp, unsigned char **); - if (*len16 > 0 && pptr == NULL) - return -3; - if (offset + *len16 > tb->used) - return ERR_BUFFER; + if (*len16 > 0 && pptr == NULL) { + ret = -3; + goto exit; + } + if (offset + *len16 > tb->used) { + ret = ERR_BUFFER; + goto exit; + } if (*len16 > 0) { buf = malloc(*len16); - if (buf == NULL) - return ERR_MEM_ERR; + if (buf == NULL) { + ret = ERR_MEM_ERR; + goto exit; + } *pptr = buf; memcpy(buf, &tb->buffer[offset], *len16); } @@ -795,15 +885,21 @@ lenmax = va_arg(argp, int); ret = tpm_buffer_load16(tb, offset, len16); if ((ret & ERR_MASK)) - return ret; + goto exit; offset += 2; ptr = (unsigned char *) va_arg(argp, unsigned char *); - if (*len16 > 0 && ptr == NULL) - return ERR_BUFFER; - if (offset + *len16 > tb->used) - return ERR_BUFFER; - if (*len16 > lenmax) - return ERR_BUFFER; + if (*len16 > 0 && ptr == NULL) { + ret = ERR_BUFFER; + goto exit; + } + if (offset + *len16 > tb->used) { + ret = ERR_BUFFER; + goto exit; + } + if (*len16 > lenmax) { + ret = ERR_BUFFER; + goto exit; + } if (*len16 > 0) memcpy(ptr, &tb->buffer[offset], *len16); offset += *len16; @@ -817,15 +913,21 @@ lenmax = va_arg(argp, int); ret = tpm_buffer_load32(tb, offset, len); if ((ret & ERR_MASK)) - return ret; + goto exit; offset += TPM_U32_SIZE; ptr = (unsigned char *) va_arg(argp, unsigned char *); - if (*len > 0 && ptr == NULL) - return -3; - if (offset + *len > tb->used) - return ERR_BUFFER; - if (*len > lenmax) - return ERR_BUFFER; + if (*len > 0 && ptr == NULL) { + ret = -3; + goto exit; + } + if (offset + *len > tb->used) { + ret = ERR_BUFFER; + goto exit; + } + if (*len > lenmax) { + ret = ERR_BUFFER; + goto exit; + } if (*len > 0) memcpy(ptr, &tb->buffer[offset], *len); offset += *len; @@ -840,15 +942,21 @@ lenmax = va_arg(argp, int); ret = tpm_buffer_load32(tb, offset, len); if ((ret & ERR_MASK)) - return ret; + goto exit; offset += TPM_U32_SIZE; ptr = (unsigned char *) va_arg(argp, unsigned char *); - if (*len > 0 && ptr == NULL) - return -3; - if (offset + *len > tb->used) - return ERR_BUFFER; - if (*len > lenmax) - return ERR_BUFFER; + if (*len > 0 && ptr == NULL) { + ret = -3; + goto exit; + } + if (offset + *len > tb->used) { + ret = ERR_BUFFER; + goto exit; + } + if (*len > lenmax) { + ret = ERR_BUFFER; + goto exit; + } length = *len; while (length > 0) { *ptr = tb->buffer[offset + length - 1]; @@ -859,24 +967,32 @@ break; case '%': length = (int) va_arg(argp, int); - if (offset + length > tb->used) - return ERR_BUFFER; + if (offset + length > tb->used) { + ret = ERR_BUFFER; + goto exit; + } ptr = (unsigned char *) va_arg(argp, unsigned char *); - if (length > 0 && ptr == NULL) - return ERR_NULL_ARG; + if (length > 0 && ptr == NULL) { + ret = ERR_NULL_ARG; + goto exit; + } if (length > 0) memcpy(ptr, &tb->buffer[offset], length); offset += length; ptr = NULL; break; default: - return ERR_BAD_ARG; + ret = ERR_BAD_ARG; + goto exit; + break; } ++p; } - va_end(argp); + ret = offset - start; - return offset - start; +exit: + va_end(argp); + return ret; } /****************************************************************************/ @@ . patch -p0 <<'@@ .' Index: libtpm/libtpm/lib/transport.c ============================================================================ $ cvs diff -u -r1.5 -r1.6 transport.c --- libtpm/libtpm/lib/transport.c 21 Sep 2013 22:05:06 -0000 1.5 +++ libtpm/libtpm/lib/transport.c 21 Sep 2013 22:13:06 -0000 1.6 @@ -777,6 +777,8 @@ uint32_t locality; TPM_CURRENT_TICKS tct; + memset(&sess, 0, sizeof(sess)); + if (usageAuth == NULL || ttp == NULL || secret == NULL) return ERR_NULL_ARG; @@ . ______________________________________________________________________ RPM Package Manager http://rpm5.org CVS Sources Repository rpm-cvs@rpm5.org