author | Daniel P. Berrangé <berrange@redhat.com> | 2023-10-17 17:45:52 +0200 |
---|---|---|
committer | Luca Boccassi <luca.boccassi@gmail.com> | 2023-10-18 00:47:02 +0200 |
commit | a3ad5c3140b941d3703c63c902e58f4e2d295829 (patch) | |
tree | c656aecf381240fb4701ad33c1a0d852ef886d66 | |
parent | Merge pull request #29441 from evelikov/no-input-delay (diff) | |
repart: avoid use of uninitialized TPM2B_PUBLIC data
The 'TPM2B public' struct is only initialized if the public key
is non-NULL, however, it is unconditionally passed to
tpm2_calculate_sealing_policy, resulting in use of uninitialized
data. If the uninitialized data is lucky enough to be all zeroes,
this eventually results in an error message from
tpm2_calculate_name about an unsupported nameAlg field value.
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
-rw-r--r-- | src/partition/repart.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/src/partition/repart.c b/src/partition/repart.c index 91cb87a7b9..20c30c1e15 100644 --- a/src/partition/repart.c +++ b/src/partition/repart.c @@ -3825,7 +3825,7 @@ static int partition_encrypt(Context *context, Partition *p, PartitionTarget *ta } TPM2B_DIGEST policy = TPM2B_DIGEST_MAKE(NULL, TPM2_SHA256_DIGEST_SIZE); - r = tpm2_calculate_sealing_policy(arg_tpm2_hash_pcr_values, arg_tpm2_n_hash_pcr_values, &public, /* use_pin= */ false, &policy); + r = tpm2_calculate_sealing_policy(arg_tpm2_hash_pcr_values, arg_tpm2_n_hash_pcr_values, pubkey ? &public : NULL, /* use_pin= */ false, &policy); if (r < 0) return log_error_errno(r, "Could not calculate sealing policy digest: %m"); |
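Review bot: at the changed tpm2_calculate_sealing_policy call in partition_encrypt, `pubkey ? &public : NULL` guards this one use, but `public` itself stays uninitialized whenever pubkey is NULL, so its validity is tied to `pubkey` only by convention and any later `&public` added to this function can reintroduce the same bug. Consider zero-initializing `public` at its declaration, or keeping a single pointer variable that is set to `&public` only after the struct has been filled in and passing that pointer here. The call also now depends on tpm2_calculate_sealing_policy accepting NULL for its public argument; that contract is not visible in this hunk, so please confirm it and note it in a comment at the callee or at this call site. Since the commit message says the failure only shows up as an unsupported nameAlg error when the garbage happens to be zero, a test that runs the TPM2 encrypt path without a public key would keep this from regressing silently.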