commit | b7cd1deaa9c3151d7501ffcb1b507679b1cc6855 |
---|---|
author | Daniel Mueller <deso@posteo.net>, Sun Apr 16 22:53:45 2017 -0700 |
committer | Philip Tricca <philip.b.tricca@intel.com>, Wed May 03 08:20:15 2017 -0700 |
tree | ed32cc1eb8e980a7c9ff4851c26a7e130c5354ea |
parent | a43c48fe781db54158a69f3e058a6740d8883e30 |
fix off-by-one error in CheckOverflow

The overflow check as provided by CheckOverflow contains an off-by-one error causing an out-of-bounds read by one byte to not be detected properly. The used size should be calculated as

    usedSize = (INT64)(nextData - buffer) + size;

and not

    usedSize = (INT64)(nextData - buffer) - 1 + size;

For the latter case, consider the attempt of reading the very first two bytes from a buffer of one byte size. 'usedSize' will be 1 (0x1000 - 0x1000 - 1 + 2). Because 'usedSize' is not greater than 'bufferSize' (also 1), we will not detect the out-of-bounds read.

This change fixes the issue by removing the addend of -1.
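The boundary case from the commit message, as an added example that is not code from the commit or the project: the two `usedSize` formulas are taken from the message, while the function names, parameter types and return convention are assumptions. It goes beyond the single case in the message by sweeping every offset and size pair to count the overruns each formula fails to flag.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical signature; only the usedSize formulas come from the commit message. */
typedef int (*check_fn)(const uint8_t *buffer, uint32_t bufferSize,
                        const uint8_t *nextData, uint32_t size);

/* Formula before the fix: the -1 addend lets a one-byte overrun through. */
static int overflows_before_fix(const uint8_t *buffer, uint32_t bufferSize,
                                const uint8_t *nextData, uint32_t size)
{
    int64_t usedSize = (int64_t)(nextData - buffer) - 1 + size;
    return usedSize > (int64_t)bufferSize;
}

/* Formula after the fix: bytes already consumed plus bytes requested. */
static int overflows_after_fix(const uint8_t *buffer, uint32_t bufferSize,
                               const uint8_t *nextData, uint32_t size)
{
    int64_t usedSize = (int64_t)(nextData - buffer) + size;
    return usedSize > (int64_t)bufferSize;
}

/* Count requests that end past bufferSize but that the check accepts. */
static unsigned missed_overflows(check_fn check, uint32_t bufferSize)
{
    static const uint8_t backing[64] = {0}; /* constructed; only addresses are used */
    unsigned missed = 0;

    if (bufferSize > sizeof backing)
        return 0;                           /* keep every pointer inside backing */
    for (uint32_t off = 0; off <= bufferSize; off++)
        for (uint32_t size = 1; size <= 8; size++)
            if ((uint64_t)off + size > bufferSize &&
                !check(backing, bufferSize, backing + off, size))
                missed++;
    return missed;
}

int main(void)
{
    static const uint8_t one[1] = {0};      /* the one-byte buffer from the message */
    printf("2-byte read, 1-byte buffer: before=%d after=%d\n",
           overflows_before_fix(one, 1, one, 2),
           overflows_after_fix(one, 1, one, 2));
    printf("missed overruns (bufferSize 16): before=%u after=%u\n",
           missed_overflows(overflows_before_fix, 16),
           missed_overflows(overflows_after_fix, 16));
    return 0;
}
```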
This stack consists of the following layers from top to bottom:
Since the FAPI and ESAPI haven't been implemented yet, this repository only contains the SAPI and layers below it, plus a test application for exercising the SAPI.
The test application, tpmclient, tests many of the commands against the TPM 2.0 simulator. The tpmclient application can be altered and used as a sandbox to test and develop any TPM 2.0 command sequences, and provides an excellent development and learning vehicle.
TPM 2.0 specifications can be found at Trusted Computing Group.