Good catch. I did a mistake and followed the wrong function path (because of the coverity lead), so I took some time to review this and reevaluated my position. It's a false positive, indeed.
Thanks! Em 11-04-2014 06:52, Fuchs, Andreas escreveu: > Disclaimer: > I could not complie-test or runtime-test these patches right now. This is a > pure code-only review of the patches. > > If I see this correctly, then it ends up at trousers.c:Trspi_LoadBlob() with > an "if (size == 0) return;". So this is a false positive of coverity, since > the case of "rgbSubCap == NULL && ulSubCapLength != 0" is already caught. I'm > afraid the patch changes the RPC-message in a way that is different from the > original implementation. I'm not sure, if this is compatible with other > implementations. > I have no idea though, how to silence coverity here. Maybe by adding a > "rgbSubCap ? ulSubCapLength : 0" into the size parameter. Hopefully this will > silence coverity. > > > > Am Mittwoch, den 09.04.2014, 15:41 -0300 schrieb [email protected]: >> From: Richard Maciel <[email protected]> >> >> Related to coverity CID 10293. >> >> Basically for two capability values (TSS_TCSCAP_VERSION and >> TSS_TCSCAP_PERSSTORAGE), it was possible to put NULL values on >> subcapability, which was used as a source value by a memcpy in the >> subsequent call tree. >> >> Signed-off-by: Richard Maciel <[email protected]> >> --- >> src/tspi/tspi_caps.c | 18 ++++++++++++------ >> 1 file changed, 12 insertions(+), 6 deletions(-) >> >> diff --git a/src/tspi/tspi_caps.c b/src/tspi/tspi_caps.c >> index 2997d8d..dbf999c 100644 >> --- a/src/tspi/tspi_caps.c >> +++ b/src/tspi/tspi_caps.c >> @@ -36,6 +36,7 @@ Tspi_Context_GetCapability(TSS_HCONTEXT tspContext, >> /* in */ >> BYTE ** prgbRespData) /* out */ >> { >> TSS_RESULT result; >> + UINT32 dummy_val = 0; >> >> if (prgbRespData == NULL || pulRespDataLength == NULL ) >> return TSPERR(TSS_E_BAD_PARAMETER); >> @@ -64,19 +65,24 @@ Tspi_Context_GetCapability(TSS_HCONTEXT tspContext, >> /* in */ >> pulRespDataLength, >> prgbRespData); >> break; >> - case TSS_TCSCAP_ALG: >> - if (ulSubCapLength != sizeof(UINT32) || !rgbSubCap) >> - return TSPERR(TSS_E_BAD_PARAMETER); >> - /* fall through */ >> - case TSS_TCSCAP_VERSION: >> + case TSS_TCSCAP_ALG: /* fall through for options below */ >> case TSS_TCSCAP_CACHING: >> - case TSS_TCSCAP_PERSSTORAGE: >> case TSS_TCSCAP_MANUFACTURER: >> case TSS_TCSCAP_TRANSPORT: >> case TSS_TCSCAP_PLATFORM_CLASS: >> + if (ulSubCapLength != sizeof(UINT32) || !rgbSubCap) >> + return TSPERR(TSS_E_BAD_PARAMETER); >> + >> result = RPC_GetCapability(tspContext, capArea, >> ulSubCapLength, rgbSubCap, >> pulRespDataLength, >> prgbRespData); >> break; >> + case TSS_TCSCAP_VERSION: >> + case TSS_TCSCAP_PERSSTORAGE: >> + result = RPC_GetCapability(tspContext, capArea, >> + ulSubCapLength ? ulSubCapLength : >> sizeof(UINT32), >> + rgbSubCap ? rgbSubCap : &dummy_val, >> + pulRespDataLength, prgbRespData); >> + break; >> default: >> LogDebug("Invalid capArea: 0x%x", capArea); >> result = TSPERR(TSS_E_BAD_PARAMETER); ------------------------------------------------------------------------------ Learn Graph Databases - Download FREE O'Reilly Book "Graph Databases" is the definitive new guide to graph databases and their applications. Written by three acclaimed leaders in the field, this first edition is now available. Download your free book today! http://p.sf.net/sfu/NeoTech _______________________________________________ TrouSerS-tech mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/trousers-tech
