Thanks for reporting the bug and providing a fix. The patch passed review and
validation, and we got it upstreamed.

-Ning



From: shiwan...@gohighsec.com [mailto:shiwan...@gohighsec.com]
Sent: Thursday, January 19, 2017 6:32 PM
To: tboot-devel <tboot-devel@lists.sourceforge.net>
Subject: [tboot-devel] null pointer dereference bug

Hi,
There is a null pointer dereference bug when Intel TXT is disabled within the BIOS.
The variable sinit_region_base is used in the function get_bios_sinit, but it
is dereferenced as a null pointer when Intel TXT is disabled within the BIOS.
The details of this process can be described as follows:
begin_launch
      copy_sinit
          get_bios_sinit(sinit_region_base) // sinit_region_base is a null
pointer.

Here is a patch against 1.9.5 which corrects the problem:
---------------------------------------------------------------------------
diff -r 3eccbcd22ef1 -r 836fdebabdb4 tboot/txt/acmod.c
--- a/tboot/txt/acmod.c Wed Jan 18 18:14:32 2017 -0800
+++ b/tboot/txt/acmod.c Fri Jan 20 10:27:18 2017 +0800
@@ -650,6 +650,8 @@
 #ifndef IS_INCLUDED
 acm_hdr_t *get_bios_sinit(const void *sinit_region_base)
 {
+    if ( sinit_region_base == NULL )
+       return NULL;
     txt_heap_t *txt_heap = get_txt_heap();
     bios_data_t *bios_data = get_bios_data_start(txt_heap);

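Review bot: the new `if ( sinit_region_base == NULL )` guard at the top of get_bios_sinit sits before the declarations of txt_heap and bios_data, so the function now mixes a statement with later declarations and only compiles as C99 or newer; moving the two declarations above the check (or the check below them) keeps the function valid under stricter compiler settings. The added `return NULL;` is indented seven spaces where the surrounding code uses four-space steps. Since a NULL region base here means TXT is disabled rather than a transient failure, a diagnostic message before the return would make the silent NULL easier to trace from the caller.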
@@ -737,6 +739,9 @@
         return NULL;
     }

+    if ( sinit_region_base == NULL )
+       return NULL;
+
     /* copy it there */
     memcpy(sinit_region_base, sinit, sinit->size*4);

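Review bot: the check at `if ( sinit_region_base == NULL )` is placed just before the memcpy, after the function has already completed the lookup that ends in the `return NULL;` on the preceding context lines, so when TXT is disabled that work is done only to be discarded; hoisting the check to the function entry fails fast and mirrors the guard added to get_bios_sinit. The `return NULL;` here is again indented seven spaces against the file's four-space indentation. The return is also silent, so the caller in begin_launch must already treat a NULL result as "no SINIT copied"; the hunk does not show that handling, and it is worth confirming before merging.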
Thanks,
Wangyi


_______________________________________________
tboot-devel mailing list
tboot-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/tboot-devel
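The following is an added example, not tboot's code and not the patch above: a simplified model of the begin_launch -> copy_sinit -> get_bios_sinit path in which the SINIT region base is NULL when TXT is disabled in the BIOS. It shows the guard placed at function entry, the NULL result propagated to begin_launch as an error instead of a dereference, and a bounds check on the copy. acm_hdr_t is cut down to the two fields used here, and g_txt_enabled, g_sinit_region, get_sinit_region_base, launch_with_txt and region_holds_sinit are assumed stand-ins for platform state that real firmware reads from TXT registers and the TXT heap.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Simplified stand-in for tboot's acm_hdr_t: only the fields this example
 * needs. The real header carries many more fields. */
typedef struct {
    uint32_t module_type;
    uint32_t size;      /* size in 4-byte words, as in the real header */
    uint8_t  body[32];  /* constructed payload; real modules are far larger */
} acm_hdr_t;

/* Assumed platform state: whether the BIOS left TXT enabled. */
static int g_txt_enabled = 1;

/* Assumed SINIT region. When TXT is disabled the BIOS sets up no region,
 * which we model by returning NULL. */
static uint8_t g_sinit_region[256];

static void *get_sinit_region_base(void)
{
    return g_txt_enabled ? g_sinit_region : NULL;
}

/* Constructed BIOS-provided SINIT module: sizeof(acm_hdr_t) is 40 bytes,
 * i.e. 10 words, so size = 10. */
static acm_hdr_t g_bios_sinit = {
    .module_type = 2, .size = 10, .body = "constructed-sinit-bytes"
};

static acm_hdr_t *get_bios_sinit(const void *sinit_region_base)
{
    /* Refuse to look up a module for a region that does not exist. */
    if (sinit_region_base == NULL)
        return NULL;
    return &g_bios_sinit;
}

/* Copies the BIOS SINIT into the region; returns the copy, or NULL. */
static acm_hdr_t *copy_sinit(void *sinit_region_base)
{
    /* Check at entry so no lookup work is done for a missing region. */
    if (sinit_region_base == NULL)
        return NULL;

    acm_hdr_t *sinit = get_bios_sinit(sinit_region_base);
    if (sinit == NULL)
        return NULL;

    /* Bounds check before trusting the header's own size field. */
    size_t nbytes = (size_t)sinit->size * 4;
    if (nbytes > sizeof g_sinit_region)
        return NULL;

    memcpy(sinit_region_base, sinit, nbytes);
    return (acm_hdr_t *)sinit_region_base;
}

/* Returns 0 on success, -1 when TXT is unavailable (no SINIT region). */
int begin_launch(void)
{
    void *base = get_sinit_region_base();
    acm_hdr_t *copied = copy_sinit(base);
    if (copied == NULL) {
        printf("TXT unavailable: no SINIT region, skipping measured launch\n");
        return -1;
    }
    return 0;
}

/* Drives the launch path with TXT on or off and reports begin_launch's result. */
int launch_with_txt(int enabled)
{
    g_txt_enabled = enabled;
    memset(g_sinit_region, 0, sizeof g_sinit_region);
    return begin_launch();
}

/* True if the region now holds a byte-exact copy of the BIOS SINIT module. */
int region_holds_sinit(void)
{
    return memcmp(g_sinit_region, &g_bios_sinit, g_bios_sinit.size * 4) == 0;
}

int main(void)
{
    printf("TXT disabled: begin_launch -> %d\n", launch_with_txt(0));
    printf("TXT enabled:  begin_launch -> %d, copied=%d\n",
           launch_with_txt(1), region_holds_sinit());
    return 0;
}
```

With TXT disabled the path returns -1 without touching the region; with TXT enabled the module is copied and begin_launch returns 0. The point of placing the guard at copy_sinit's entry, rather than just before the memcpy, is that nothing downstream ever sees the NULL base.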