Disclaimer: I could not compile-test or runtime-test these patches right now. This is a pure code-only review of the patches.
If I see this correctly, then it ends up at trousers.c:Trspi_LoadBlob() with an "if (size == 0) return;". So this is a false positive of Coverity, since the case of "rgbSubCap == NULL && ulSubCapLength != 0" is already caught. I'm afraid the patch changes the RPC message in a way that is different from the original implementation. I'm not sure if this is compatible with other implementations. I have no idea, though, how to silence Coverity here. Maybe by adding a "rgbSubCap ? ulSubCapLength : 0" into the size parameter. Hopefully this will silence Coverity.

On Wednesday, 09.04.2014, 15:41 -0300, [email protected] wrote:
> From: Richard Maciel <[email protected]> > > Related to coverity CID 10293. > > Basically for two capability values (TSS_TCSCAP_VERSION and > TSS_TCSCAP_PERSSTORAGE), it was possible to put NULL values on > subcapability, which was used as a source value by a memcpy in the > subsequent call tree. > > Signed-off-by: Richard Maciel <[email protected]> > --- > src/tspi/tspi_caps.c | 18 ++++++++++++------ > 1 file changed, 12 insertions(+), 6 deletions(-) > > diff --git a/src/tspi/tspi_caps.c b/src/tspi/tspi_caps.c > index 2997d8d..dbf999c 100644 > --- a/src/tspi/tspi_caps.c > +++ b/src/tspi/tspi_caps.c > @@ -36,6 +36,7 @@ Tspi_Context_GetCapability(TSS_HCONTEXT tspContext, /* in */ > BYTE ** prgbRespData) /* out */ > { > TSS_RESULT result; > + UINT32 dummy_val = 0; > > if (prgbRespData == NULL || pulRespDataLength == NULL ) > return TSPERR(TSS_E_BAD_PARAMETER); 
> @@ -64,19 +65,24 @@ Tspi_Context_GetCapability(TSS_HCONTEXT tspContext, > /* in */ > pulRespDataLength, > prgbRespData); > break; > - case TSS_TCSCAP_ALG: > - if (ulSubCapLength != sizeof(UINT32) || !rgbSubCap) > - return TSPERR(TSS_E_BAD_PARAMETER); > - /* fall through */ > - case TSS_TCSCAP_VERSION: > + case TSS_TCSCAP_ALG: /* fall through for options below */ > case TSS_TCSCAP_CACHING: > - case TSS_TCSCAP_PERSSTORAGE: > case TSS_TCSCAP_MANUFACTURER: > case TSS_TCSCAP_TRANSPORT: > case TSS_TCSCAP_PLATFORM_CLASS: > + if (ulSubCapLength != sizeof(UINT32) || !rgbSubCap) > + return TSPERR(TSS_E_BAD_PARAMETER); > + > result = RPC_GetCapability(tspContext, capArea, > ulSubCapLength, rgbSubCap, > pulRespDataLength, > prgbRespData); > break; > + case TSS_TCSCAP_VERSION: > + case TSS_TCSCAP_PERSSTORAGE: > + result = RPC_GetCapability(tspContext, capArea, > + ulSubCapLength ? ulSubCapLength : > sizeof(UINT32), > + rgbSubCap ? rgbSubCap : &dummy_val, > + pulRespDataLength, prgbRespData); > + break; > default: > LogDebug("Invalid capArea: 0x%x", capArea); > result = TSPERR(TSS_E_BAD_PARAMETER); _______________________________________________ TrouSerS-tech mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/trousers-tech
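Review bot: the new `dummy_val` in the first hunk's declaration block has no comment saying why it exists, and its name does not tell the reader that it is a zeroed stand-in sub-capability for the TSS_TCSCAP_VERSION and TSS_TCSCAP_PERSSTORAGE cases of the second hunk. A short comment next to `+ UINT32 dummy_val = 0;` (or a more descriptive name such as `default_subcap`) would make the intent clear at the point of declaration.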
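Review bot: in the second hunk the two conditionals of the new TSS_TCSCAP_VERSION/TSS_TCSCAP_PERSSTORAGE call are evaluated independently, so the pointer and the length can still disagree: a caller passing `rgbSubCap == NULL` together with an `ulSubCapLength` larger than sizeof(UINT32) now sends `ulSubCapLength` bytes read from the 4-byte `dummy_val`, and a caller passing a non-NULL `rgbSubCap` with `ulSubCapLength == 0` sends sizeof(UINT32) bytes from a buffer whose real size is unknown. Substituting only when both values are absent, e.g. `if (!rgbSubCap && !ulSubCapLength) { rgbSubCap = (BYTE *)&dummy_val; ulSubCapLength = sizeof(UINT32); }` and returning TSS_E_BAD_PARAMETER for the mixed cases, keeps the pair consistent. Separately, moving the `ulSubCapLength != sizeof(UINT32) || !rgbSubCap` check below the TSS_TCSCAP_CACHING, TSS_TCSCAP_MANUFACTURER, TSS_TCSCAP_TRANSPORT and TSS_TCSCAP_PLATFORM_CLASS labels makes it apply to those four capabilities, which previously reached RPC_GetCapability without it; the commit message only mentions VERSION and PERSSTORAGE, so this behaviour change should be called out or split into its own patch.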
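The reply above suggests normalising the size parameter as "rgbSubCap ? ulSubCapLength : 0" so that a NULL sub-capability always travels as a zero-length field, which the "if (size == 0) return;" guard in the blob loader then skips. The following is an added, self-contained illustration of that approach, not code from TrouSerS or from the patch: `struct blob`, `load_blob()`, `load_blob_uint32()` and `build_getcap_request()` are hypothetical stand-ins modelled only on the behaviour the reply describes, and the type names `BYTE` and `UINT32` are local typedefs rather than the project's headers.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Hypothetical stand-ins for the TrouSerS types; not the project's headers. */
typedef uint8_t  BYTE;
typedef uint32_t UINT32;

/* Minimal blob writer modelled on the reply's description of
 * Trspi_LoadBlob(): a zero-length load is a no-op, so a NULL source
 * pointer is never dereferenced when size == 0. (Constructed example.) */
struct blob {
    BYTE   buf[64];
    UINT32 offset;
};

static void load_blob(struct blob *b, UINT32 size, const BYTE *data)
{
    if (size == 0)
        return;                         /* the guard the reply relies on */
    if (b->offset + size > sizeof b->buf)
        return;                         /* constructed example: drop on overflow */
    memcpy(&b->buf[b->offset], data, size);
    b->offset += size;
}

/* Big-endian UINT32, the byte order typically used for TCS/TPM blobs. */
static void load_blob_uint32(struct blob *b, UINT32 v)
{
    BYTE be[4] = { (BYTE)(v >> 24), (BYTE)(v >> 16), (BYTE)(v >> 8), (BYTE)v };
    load_blob(b, sizeof be, be);
}

/* Serialise a GetCapability request as capArea, sub-cap length, sub-cap
 * bytes. The pointer/length pair is normalised the way the reply suggests
 * ("rgbSubCap ? ulSubCapLength : 0"), so the two values can never disagree:
 * a NULL sub-capability always goes out as length 0 with no payload, which
 * is the original "no subcap" encoding. Returns the number of bytes written. */
UINT32 build_getcap_request(struct blob *b, UINT32 capArea,
                            const BYTE *rgbSubCap, UINT32 ulSubCapLength)
{
    UINT32 len = rgbSubCap ? ulSubCapLength : 0;

    b->offset = 0;
    load_blob_uint32(b, capArea);
    load_blob_uint32(b, len);
    load_blob(b, len, rgbSubCap);   /* no-op when len == 0, even if rgbSubCap is NULL */
    return b->offset;
}

int main(void)
{
    struct blob b;
    BYTE sub[4] = { 0, 0, 0, 1 };   /* constructed sample sub-capability */

    /* NULL sub-cap: 8 bytes (capArea + length 0), nothing copied from NULL. */
    build_getcap_request(&b, 0x10, NULL, 0);
    /* NULL pointer with a stray non-zero length is clamped to length 0. */
    build_getcap_request(&b, 0x10, NULL, 7);
    /* Real sub-cap: 8 header bytes plus the 4 payload bytes. */
    build_getcap_request(&b, 0x10, sub, sizeof sub);
    return 0;
}
```

The point of the normalisation is that the length field on the wire is derived from the pointer, so the "NULL pointer, non-zero length" combination the static analyser worried about cannot reach `memcpy` and the encoding of the no-sub-capability case stays byte-for-byte what the original code produced.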
