TPM2: Added check when parsing TPMLPCRSelection in case of selection of a PCR's index which exceeds max value permitted (#204)

* TPM2: Added check when parsing TPMLPCRSelection in case of selection of a PCR's index which exceeds 8*sizeOfPCRSelect-1 to avoid panic runtime error

The current implementation makes use of `sizeOfPCRSelect` set to `3`. This means that the maximum size of the `pcrSelect` byte array in `tpmsPCRSelection` is `3`, which means it can only deal with the selection of PCRs from 0 to 23. Attempting to select PCR 24 for example (which might exist on some TPMs) leads to a 'panic: runtime error: index out of range [3] with length 3' since `ts.PCRs[byteNum] |= bytePos` tries to access index 3 of the byte array, which is out of range.

This can be fixed by adding a check beforehand, and skipping the PCR if its index exceeds the maximum value permitted, independently of the value of `sizeOfPCRSelect`.

Signed-off-by: El Mostafa IDRASSI <mostafa.idrassi@tutanota.com>

* Return an error instead of skipping PCR indexes that are out of range.

Signed-off-by: El Mostafa IDRASSI <mostafa.idrassi@tutanota.com>
ElMostafaIdrassi authored Oct 30, 2020
1 parent 289acaa commit 8ec0c60
Showing 1 changed file with 3 additions and 0 deletions.
3 changes: 3 additions & 0 deletions tpm2/tpm2.go
Expand Up @@ -73,6 +73,9 @@ func encodeTPMLPCRSelection(sel ...PCRSelection) ([]byte, error) {

// s[i].PCRs parameter is indexes of PCRs, convert that to set bits.
for _, n := range s.PCRs {
if n >= 8*sizeOfPCRSelect {
return nil, fmt.Errorf("PCR index %d is out of range (exceeds maximum value %d)", n, 8*sizeOfPCRSelect-1)
}
byteNum := n / 8
bytePos := byte(1 << byte(n%8))
ts.PCRs[byteNum] |= bytePos
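Review bot: The new guard at the top of the loop bounds n only from above, so if the elements of s.PCRs are a signed integer type, a negative index passes `n >= 8*sizeOfPCRSelect` and still reaches `ts.PCRs[byteNum]`, where it either produces a negative byteNum or is silently dropped from the selection. Consider rejecting `n < 0` in the same condition, or making the element type unsigned. The bound is also expressed through sizeOfPCRSelect while the access is on ts.PCRs; comparing byteNum against len(ts.PCRs) would keep the check tied to the slice that is actually indexed if the two ever diverge. A unit test that passes PCR index 24 and asserts a returned error rather than a panic would lock in the behaviour described in the commit message.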