10 Commits

openeuler-ci-bot
d4b388ce2d
!33 Addressed potential symlink attack issue (CVE-2020-28407)
Addressed potential symlink attack issue (CVE-2020-28407)
https://gitee.com/src-openeuler/swtpm/issues/I5EXUA?from=project-issue 
From: @yezengruan 
Reviewed-by: @zhujianwei001 
Signed-off-by: @zhujianwei001
2022-07-05 02:51:51 +00:00
yezengruan
8f7e1b6e60 Addressed potential symlink attack issue (CVE-2020-28407) 2022-07-05 10:30:59 +08:00
openeuler-ci-bot
594f90b176
!22 Disable broken test
From: @lyn1001 
Reviewed-by: @zhujianwei001 
Signed-off-by: @zhujianwei001
2022-03-18 01:10:36 +00:00
lyn1001
cf4868cd02 Disable broken test 2022-03-17 20:38:11 +08:00
openeuler-ci-bot
de62bdf1c2
!18 [sync] PR-14: Fix CVE-2022-23645
From: @openeuler-sync-bot 
Reviewed-by: @zhujianwei001 
Signed-off-by: @zhujianwei001
2022-03-10 08:53:46 +00:00
starlet-dx
45fd9b3c6e Fix CVE-2022-23645
(cherry picked from commit 14ee956af0f4185caeca283b9dc6f2c7e152c4c0)
2022-03-10 10:33:31 +08:00
openeuler-ci-bot
3bf960771a !10 Update spec file including source0 and disable test case pkcs11
From: @jackjf
Reviewed-by: @zhujianwei001
Signed-off-by: @zhujianwei001
2020-09-17 12:04:51 +08:00
jiangfangjie
1880520470 update spec file and disable test case pkcs11
Signed-off-by: jiangfangjie <jiangfangjie@huawei.com>
2020-09-15 19:29:34 +08:00
openeuler-ci-bot
8978e83da5 !2 Add swtpm project
Merge pull request !2 from JackJF/master
2020-08-25 18:41:18 +08:00
jiangfangjie
69ca697b17 delete python3-twisted
Signed-off-by: jiangfangjie <jiangfangjie@huawei.com>
2020-08-25 12:52:55 +08:00
10 changed files with 690 additions and 7 deletions


@ -0,0 +1,51 @@
From c518445f9fddc786f191f4f5926bf483fa2bd1ff Mon Sep 17 00:00:00 2001
From: Stefan Berger <stefanb@linux.ibm.com>
Date: Wed, 16 Feb 2022 11:17:47 -0500
Subject: [PATCH] swtpm: Check header size indicator against expected size (CID
375869)
This fix addresses Coverity issue CID 375869 (CVE-2022-23645).
Check the header size indicated in the header of the state against the
expected size and return an error code in case the header size indicator
is different. There was only one header size so far since blobheader was
introduced, so we don't need to deal with different sizes.
Without this fix a specially crafted header could cause out-of-bounds
accesses on the byte array containing the swtpm's state.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
---
src/swtpm/swtpm_nvfile.c | 11 ++++++++++-
1 file changed, 10 insertions(+), 1 deletion(-)
diff --git a/src/swtpm/swtpm_nvfile.c b/src/swtpm/swtpm_nvfile.c
index dc7cfbf1..0efb9da8 100644
--- a/src/swtpm/swtpm_nvfile.c
+++ b/src/swtpm/swtpm_nvfile.c
@@ -1260,6 +1260,7 @@ SWTPM_NVRAM_CheckHeader(unsigned char *data, uint32_t length,
uint8_t *hdrversion, bool quiet)
{
blobheader *bh = (blobheader *)data;
+ uint16_t hdrsize;
if (length < sizeof(bh)) {
if (!quiet)
@@ -1285,8 +1286,16 @@ SWTPM_NVRAM_CheckHeader(unsigned char *data, uint32_t length,
return TPM_BAD_VERSION;
}
+ hdrsize = ntohs(bh->hdrsize);
+ if (hdrsize != sizeof(blobheader)) {
+ logprintf(STDERR_FILENO,
+ "bad header size: %u != %zu\n",
+ hdrsize, sizeof(blobheader));
+ return TPM_BAD_DATASIZE;
+ }
+
*hdrversion = bh->version;
- *dataoffset = ntohs(bh->hdrsize);
+ *dataoffset = hdrsize;
*hdrflags = ntohs(bh->flags);
return TPM_SUCCESS;
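Review bot: The new `hdrsize = ntohs(bh->hdrsize)` read in the second hunk is guarded only by the length test `if (length < sizeof(bh))` visible as context in the first hunk, and `bh` is declared `blobheader *bh`, so that test compares `length` against the size of a pointer, not of the header; the new check itself uses `sizeof(blobheader)`, which is what the length test should also use: `if (length < sizeof(*bh)) {`. A buffer longer than a pointer but shorter than the header still reaches the field reads of `bh->hdrsize`, `bh->version` and `bh->flags`. Since this file is a vendored upstream backport, the correction belongs in a follow-up patch rather than an edit of this one. The body of SWTPM_NVRAM_CheckHeader between the two hunks and its closing brace are outside what is shown.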


@ -0,0 +1,25 @@
diff -Nur swtpm-091be8054b5863ff86c5efcb072dcdd45e3696d1/tests/Makefile.am swtpm-091be8054b5863ff86c5efcb072dcdd45e3696d1_bak/tests/Makefile.am
--- swtpm-091be8054b5863ff86c5efcb072dcdd45e3696d1/tests/Makefile.am 2020-09-15 16:06:25.000000000 +0800
+++ swtpm-091be8054b5863ff86c5efcb072dcdd45e3696d1_bak/tests/Makefile.am 2022-03-17 20:24:52.148059099 +0800
@@ -70,8 +70,7 @@
if HAVE_TCSD
TESTS += \
- test_commandline \
- test_parameters
+ test_commandline
endif
if WITH_GNUTLS
@@ -82,11 +81,6 @@
test_tpm2_swtpm_cert \
test_tpm2_swtpm_cert_ecc \
test_tpm2_swtpm_setup_create_cert
-if HAVE_TCSD
-TESTS += \
- test_swtpm_setup_create_cert \
- test_samples_create_tpmca
-endif
endif
EXTRA_DIST=$(TESTS) \
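Review bot: The patch has no preamble or comment stating why `test_parameters`, `test_swtpm_setup_create_cert` and `test_samples_create_tpmca` are broken, so a later maintainer cannot tell when it is safe to drop; a short header above the `diff -Nur` line (the failure observed, the environment, an upstream reference if one exists) would document that. Because `EXTRA_DIST=$(TESTS)` follows, the removed scripts are no longer distributed either. The two dropped entries under `HAVE_TCSD` appear to exercise the certificate-creation path that the swtpm_cert patch in this same series modifies, so that path presumably loses its automated coverage in this build — worth confirming before merging.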


@ -0,0 +1,164 @@
From b3a5dde7f5a8874084f978ea698a749d858e769a Mon Sep 17 00:00:00 2001
From: Stefan Berger <stefanb@linux.vnet.ibm.com>
Date: Fri, 2 Oct 2020 16:29:18 -0400
Subject: [PATCH 1/5] swtpm: Write state files atomically using file renaming
To support writing state files atomically we first write into
a temporary file and then rename it.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
---
src/swtpm/swtpm_nvfile.c | 59 ++++++++++++++++++++++++++++++----------
1 file changed, 45 insertions(+), 14 deletions(-)
diff --git a/src/swtpm/swtpm_nvfile.c b/src/swtpm/swtpm_nvfile.c
index 6f3f937..3b928d0 100644
--- a/src/swtpm/swtpm_nvfile.c
+++ b/src/swtpm/swtpm_nvfile.c
@@ -132,7 +132,8 @@ static unsigned char *g_ivec;
static TPM_RESULT SWTPM_NVRAM_GetFilenameForName(char *filename,
size_t bufsize,
uint32_t tpm_number,
- const char *name);
+ const char *name,
+ bool is_tempfile);
static TPM_RESULT SWTPM_NVRAM_EncryptData(const encryptionkey *key,
tlv_data *td,
@@ -312,7 +313,7 @@ SWTPM_NVRAM_LoadData(unsigned char **data, /* freed by caller */
if (rc == 0) {
/* map name to the rooted filename */
rc = SWTPM_NVRAM_GetFilenameForName(filename, sizeof(filename),
- tpm_number, name);
+ tpm_number, name, false);
}
if (rc == 0) {
@@ -473,6 +474,7 @@ SWTPM_NVRAM_StoreData_Intern(const unsigned char *data,
uint32_t lrc;
int irc;
FILE *file = NULL;
+ char tmpfile[FILENAME_MAX]; /* rooted temporary file */
char filename[FILENAME_MAX]; /* rooted file name from name */
unsigned char *filedata = NULL;
uint32_t filedata_length = 0;
@@ -484,16 +486,24 @@ SWTPM_NVRAM_StoreData_Intern(const unsigned char *data,
if (rc == 0) {
/* map name to the rooted filename */
rc = SWTPM_NVRAM_GetFilenameForName(filename, sizeof(filename),
- tpm_number, name);
+ tpm_number, name, false);
}
+
+ if (rc == 0) {
+ /* map name to the rooted temporary file */
+ rc = SWTPM_NVRAM_GetFilenameForName(tmpfile, sizeof(tmpfile),
+ tpm_number, name, true);
+ }
+
+
if (rc == 0) {
/* open the file */
- TPM_DEBUG(" SWTPM_NVRAM_StoreData: Opening file %s\n", filename);
- file = fopen(filename, "wb"); /* closed @1 */
+ TPM_DEBUG(" SWTPM_NVRAM_StoreData: Opening file %s\n", tmpfile);
+ file = fopen(tmpfile, "wb"); /* closed @1 */
if (file == NULL) {
logprintf(STDERR_FILENO,
"SWTPM_NVRAM_StoreData: Error (fatal) opening %s for "
- "write failed, %s\n", filename, strerror(errno));
+ "write failed, %s\n", tmpfile, strerror(errno));
rc = TPM_FAIL;
}
}
@@ -502,7 +512,7 @@ SWTPM_NVRAM_StoreData_Intern(const unsigned char *data,
if (fchmod(fileno(file), tpmstate_get_mode()) < 0) {
logprintf(STDERR_FILENO,
"SWTPM_NVRAM_StoreData: Could not fchmod %s : %s\n",
- filename, strerror(errno));
+ tmpfile, strerror(errno));
rc = TPM_FAIL;
}
}
@@ -548,7 +558,7 @@ SWTPM_NVRAM_StoreData_Intern(const unsigned char *data,
}
}
if (file != NULL) {
- TPM_DEBUG(" SWTPM_NVRAM_StoreData: Closing file %s\n", filename);
+ TPM_DEBUG(" SWTPM_NVRAM_StoreData: Closing file %s\n", tmpfile);
irc = fclose(file); /* @1 */
if (irc != 0) {
logprintf(STDERR_FILENO,
@@ -556,12 +566,24 @@ SWTPM_NVRAM_StoreData_Intern(const unsigned char *data,
rc = TPM_FAIL;
}
else {
- TPM_DEBUG(" SWTPM_NVRAM_StoreData: Closed file %s\n", filename);
+ TPM_DEBUG(" SWTPM_NVRAM_StoreData: Closed file %s\n", tmpfile);
+ }
+ }
+
+ if (rc == 0 && file != NULL) {
+ irc = rename(tmpfile, filename);
+ if (irc != 0) {
+ logprintf(STDERR_FILENO,
+ "SWTPM_NVRAM_StoreData: Error (fatal) renaming file: %s\n",
+ strerror(errno));
+ rc = TPM_FAIL;
+ } else {
+ TPM_DEBUG(" SWTPM_NVRAM_StoreData: Renamed file to %s\n", filename);
}
}
if (rc != 0 && file != NULL) {
- unlink(filename);
+ unlink(tmpfile);
}
tlv_data_free(td, td_len);
@@ -585,12 +607,16 @@ TPM_RESULT SWTPM_NVRAM_StoreData(const unsigned char *data,
The filename is of the form:
state_directory/tpm_number.name
+
+ A temporary filename used to write to may be created. It shold be rename()'d to
+ the non-temporary filename.
*/
static TPM_RESULT SWTPM_NVRAM_GetFilenameForName(char *filename, /* output: rooted filename */
size_t bufsize,
uint32_t tpm_number,
- const char *name) /* input: abstract name */
+ const char *name, /* input: abstract name */
+ bool is_tempfile) /* input: is temporary file? */
{
TPM_RESULT res = TPM_SUCCESS;
int n;
@@ -606,8 +632,13 @@ static TPM_RESULT SWTPM_NVRAM_GetFilenameForName(char *filename, /* outpu
break;
}
- n = snprintf(filename, bufsize, "%s/tpm%s-%02lx.%s",
- state_directory, suffix, (unsigned long)tpm_number, name);
+ if (is_tempfile) {
+ n = snprintf(filename, bufsize, "%s/TMP%s-%02lx.%s",
+ state_directory, suffix, (unsigned long)tpm_number, name);
+ } else {
+ n = snprintf(filename, bufsize, "%s/tpm%s-%02lx.%s",
+ state_directory, suffix, (unsigned long)tpm_number, name);
+ }
if ((size_t)n > bufsize) {
res = TPM_FAIL;
}
@@ -638,7 +669,7 @@ TPM_RESULT SWTPM_NVRAM_DeleteName(uint32_t tpm_number,
TPM_DEBUG(" SWTPM_NVRAM_DeleteName: Name %s\n", name);
/* map name to the rooted filename */
rc = SWTPM_NVRAM_GetFilenameForName(filename, sizeof(filename),
- tpm_number, name);
+ tpm_number, name, false);
if (rc == 0) {
irc = remove(filename);
if ((irc != 0) && /* if the remove failed */
--
2.27.0
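Review bot: In the SWTPM_NVRAM_GetFilenameForName hunk the truncation test `if ((size_t)n > bufsize)` that follows the two new `snprintf` calls is off by one: `snprintf` returns the length it would have written excluding the terminator, so `n == bufsize` means the name was truncated yet passes; it should read `if ((size_t)n >= bufsize) {`. A truncated temporary name would then be opened and later `rename()`d onto a path the caller did not intend. Separately, the rename hunk in SWTPM_NVRAM_StoreData_Intern calls `rename(tmpfile, filename)` straight after `fclose()` with no `fsync()` of the temporary file; the rename is atomic with respect to the directory entry, but without it a crash can leave the final name pointing at partially persisted state — whether that matters depends on the durability expected of the state file. Both functions extend beyond the hunks shown.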


@ -0,0 +1,77 @@
From ba12415fca1a3891a1386698eab09735a025d7ea Mon Sep 17 00:00:00 2001
From: Stefan Berger <stefanb@linux.vnet.ibm.com>
Date: Sun, 8 Nov 2020 21:40:35 -0500
Subject: [PATCH 2/5] swtpm_cert: Switch to open() from fopen() for writing
certificate
Switch to open from fopen() and make sure we do not follow symlinks.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
---
src/swtpm_cert/ek-cert.c | 18 ++++++++++--------
1 file changed, 10 insertions(+), 8 deletions(-)
diff --git a/src/swtpm_cert/ek-cert.c b/src/swtpm_cert/ek-cert.c
index 651d60f..0e0b4b1 100644
--- a/src/swtpm_cert/ek-cert.c
+++ b/src/swtpm_cert/ek-cert.c
@@ -51,6 +51,7 @@
#include <unistd.h>
#include <fcntl.h>
#include <getopt.h>
+#include <sys/stat.h>
#include <arpa/inet.h>
@@ -995,7 +996,7 @@ main(int argc, char *argv[])
unsigned long long serial = 1;
time_t now;
int err;
- FILE *cert_file;
+ int cert_file_fd;
const char *subject = NULL;
const char *error = NULL;
int days = 365;
@@ -1675,8 +1676,9 @@ if (_err != GNUTLS_E_SUCCESS) { \
? GNUTLS_X509_FMT_PEM
: GNUTLS_X509_FMT_DER, &out);
if (cert_filename) {
- cert_file = fopen(cert_filename, "wb");
- if (cert_file == NULL) {
+ cert_file_fd = open(cert_filename, O_WRONLY|O_CREAT|O_TRUNC|O_NOFOLLOW,
+ S_IRUSR|S_IWUSR);
+ if (cert_file_fd < 0) {
fprintf(stderr, "Could not open %s for writing the certificate: %s\n",
cert_filename,
strerror(errno));
@@ -1691,22 +1693,22 @@ if (_err != GNUTLS_E_SUCCESS) { \
},
.tag = htobe16(TCG_TAG_PCCLIENT_FULL_CERT),
};
- if (sizeof(hdr) != fwrite(&hdr, 1, sizeof(hdr), cert_file)) {
+ if (sizeof(hdr) != write(cert_file_fd, &hdr, sizeof(hdr))) {
fprintf(stderr, "Could not write certificate header: %s\n",
strerror(errno));
- fclose(cert_file);
+ close(cert_file_fd);
unlink(cert_filename);
goto cleanup;
}
}
- if (out.size != fwrite(out.data, 1, out.size, cert_file)) {
+ if ((ssize_t)out.size != write(cert_file_fd, out.data, out.size)) {
fprintf(stderr, "Could not write certificate into file: %s\n",
strerror(errno));
- fclose(cert_file);
+ close(cert_file_fd);
unlink(cert_filename);
goto cleanup;
}
- fclose(cert_file);
+ close(cert_file_fd);
} else {
fprintf(stdout, "%s\n", out.data);
}
--
2.27.0
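Review bot: The two new `write()` calls in the last hunk treat any short write as a failure and print `strerror(errno)`, but a short write returns without setting `errno`, so the message may report a stale error; and `close(cert_file_fd)` on the success path is unchecked, so a deferred write error is silently lost. A loop that retries until `out.size` bytes are written (the pidfile patch in this series uses a `write_full` helper for this — reusable here only if swtpm_cert links against that utility code) plus `if (close(cert_file_fd) < 0) { /* report, unlink, goto cleanup */ }` would close both gaps. The first comparison `sizeof(hdr) != write(...)` also mixes `size_t` and `ssize_t` while the second casts; `(ssize_t)sizeof(hdr) != write(...)` keeps the two consistent. The enclosing `main()` starts and ends outside the hunk.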


@ -0,0 +1,32 @@
From 15a0b58ca43ccbae26d1a1e7718d7d8bd2c2add2 Mon Sep 17 00:00:00 2001
From: Stefan Berger <stefanb@linux.vnet.ibm.com>
Date: Sun, 8 Nov 2020 21:45:40 -0500
Subject: [PATCH 3/5] swtpm: Do not follow symlinks when opening lockfile
(CVE-2020-28407)
This patch addresses CVE-2020-28407.
Prevent us from following symliks when we open the lockfile
for writing.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
---
src/swtpm/swtpm_nvfile.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/swtpm/swtpm_nvfile.c b/src/swtpm/swtpm_nvfile.c
index 3b928d0..8a6621b 100644
--- a/src/swtpm/swtpm_nvfile.c
+++ b/src/swtpm/swtpm_nvfile.c
@@ -210,7 +210,7 @@ static TPM_RESULT SWTPM_NVRAM_Lock_Lockfile(const char *directory,
return TPM_FAIL;
}
- *fd = open(lockfile, O_WRONLY|O_CREAT|O_TRUNC, 0660);
+ *fd = open(lockfile, O_WRONLY|O_CREAT|O_TRUNC|O_NOFOLLOW, 0660);
if (*fd < 0) {
logprintf(STDERR_FILENO,
"SWTPM_NVRAM_Lock_Lockfile: Could not open lockfile: %s\n",
--
2.27.0
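Review bot: `O_NOFOLLOW` rejects a symbolic link only at the final path component of `lockfile`; it does not cover a symlinked parent directory or a pre-existing hard link under the lockfile name, so the fix presumes the state directory is not writable by other users. A comment at the `open()` making that explicit would help, e.g. `/* O_NOFOLLOW: refuse to write through a symlink; still assumes the state directory is not writable by others */`, and a check of the directory's ownership and mode (or an `openat()` relative to an already-validated directory fd) would turn the assumption into an enforced precondition. The body of SWTPM_NVRAM_Lock_Lockfile continues outside the hunk.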


@ -0,0 +1,103 @@
From 934603eb6adb2d646364132bbac7bdb30ccb97bf Mon Sep 17 00:00:00 2001
From: Stefan Berger <stefanb@linux.vnet.ibm.com>
Date: Sun, 8 Nov 2020 22:21:23 -0500
Subject: [PATCH 4/5] swtpm: Switch to open() from fopen() for the pidfile
(CVE-2020-28407)
This patch addresses CVE-2020-28407.
Use the open() call rather than the fopen() call when creating a pidfile.
Also prevent us from following symbolic links when opening the pidfile for
writing.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
---
src/swtpm/pidfile.c | 41 ++++++++++++++++++++++++++---------------
1 file changed, 26 insertions(+), 15 deletions(-)
diff --git a/src/swtpm/pidfile.c b/src/swtpm/pidfile.c
index f9d18ad..afca5b0 100644
--- a/src/swtpm/pidfile.c
+++ b/src/swtpm/pidfile.c
@@ -37,11 +37,13 @@
#include "config.h"
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <fcntl.h>
#include <string.h>
#include <stdlib.h>
#include <stdio.h>
#include <errno.h>
-#include <unistd.h>
#include "pidfile.h"
#include "logging.h"
@@ -77,40 +79,49 @@ int pidfile_set_fd(int newpidfilefd)
*/
int pidfile_write(pid_t pid)
{
- FILE *f;
+ int fd;
+ char buffer[32];
+ ssize_t nwritten;
if (g_pidfile) {
- f = fopen(g_pidfile, "w+");
+ fd = open(g_pidfile, O_WRONLY|O_CREAT|O_TRUNC|O_NOFOLLOW,
+ S_IRUSR|S_IWUSR|S_IRGRP|S_IROTH);
} else if (pidfilefd >= 0) {
- f = fdopen(pidfilefd, "w");
- if (f) {
- g_pidfile = fd_to_filename(pidfilefd);
- if (!g_pidfile)
- goto error;
- }
+ fd = pidfilefd;
+ g_pidfile = fd_to_filename(pidfilefd);
+ if (!g_pidfile)
+ goto error;
} else {
return 0;
}
- if (!f) {
+ if (fd < 0) {
logprintf(STDERR_FILENO, "Could not open pidfile %s : %s\n",
g_pidfile, strerror(errno));
goto error;
}
- if (fprintf(f, "%d", pid) < 0) {
+ if (snprintf(buffer, sizeof(buffer), "%d", pid) >= (int)sizeof(buffer)) {
+ logprintf(STDERR_FILENO, "Could not write pid to buffer\n");
+ goto error_close;
+ }
+
+ nwritten = write_full(fd, buffer, strlen(buffer));
+ if (nwritten < 0 || nwritten != (ssize_t)strlen(buffer)) {
logprintf(STDERR_FILENO, "Could not write to pidfile : %s\n",
strerror(errno));
- goto error;
+ goto error_close;
}
- fclose(f);
+ close(fd);
return 0;
+error_close:
+ if (fd != pidfilefd)
+ close(fd);
+
error:
- if (f)
- fclose(f);
return -1;
}
--
2.27.0
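Review bot: The first hunk removes `#include <unistd.h>` while the rewritten `pidfile_write()` still calls `close()` on the success path and under `error_close:`, and `close()` is declared there; unless another header supplies it transitively this becomes an implicit declaration, so the `-#include <unistd.h>` line should be dropped from the patch. Error handling is also asymmetric for a caller-supplied descriptor: on success `close(fd)` closes `pidfilefd`, as the old `fclose()` on the `fdopen()`ed stream did, but `error_close:` skips it with `if (fd != pidfilefd)`, so after a failed write the caller's descriptor now stays open — if that is intended it deserves a comment on the label, otherwise `close(fd);` unconditionally. `write_full` is not declared by any header this hunk adds; confirm its declaration is already in scope in pidfile.c.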


@ -0,0 +1,211 @@
From 44eacbca5bdb4baba226551a60a4e2e474b491cc Mon Sep 17 00:00:00 2001
From: Stefan Berger <stefanb@linux.vnet.ibm.com>
Date: Sun, 8 Nov 2020 21:41:54 -0500
Subject: [PATCH 5/5] swtpm: Use open() (not fopen()) when accessing statefile
(CVE-2020-28407)
This patch addresses CVE-2020-28407.
Use the open() call rather than the fopen() call when accessing
the statefile and make sure we do not follow symlinks using O_NOFOLLOW.
The modification does not allow an attacker to create a symbolic link
with the name of the temporary file (TMP2-00.permall for TPM 2) and
have this point to a valueable file and swtpm ends up overwriting the
file. The success of the attack depends on the attacker having access
to the TPM's state directory (--tpmstate dir=...).
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
---
src/swtpm/swtpm_nvfile.c | 67 +++++++++++++---------------------------
1 file changed, 21 insertions(+), 46 deletions(-)
diff --git a/src/swtpm/swtpm_nvfile.c b/src/swtpm/swtpm_nvfile.c
index 8a6621b..12f10b9 100644
--- a/src/swtpm/swtpm_nvfile.c
+++ b/src/swtpm/swtpm_nvfile.c
@@ -88,6 +88,7 @@
#include "tpmstate.h"
#include "tpmlib.h"
#include "tlv.h"
+#include "utils.h"
/* local structures */
typedef struct {
@@ -295,16 +296,16 @@ SWTPM_NVRAM_LoadData(unsigned char **data, /* freed by caller */
const char *name)
{
TPM_RESULT rc = 0;
- long lrc;
size_t src;
int irc;
- FILE *file = NULL;
+ int fd = -1;
char filename[FILENAME_MAX]; /* rooted file name from name */
unsigned char *decrypt_data = NULL;
uint32_t decrypt_length;
uint32_t dataoffset = 0;
uint8_t hdrversion = 0;
uint16_t hdrflags;
+ struct stat statbuf;
TPM_DEBUG(" SWTPM_NVRAM_LoadData: From file %s\n", name);
*data = NULL;
@@ -318,8 +319,8 @@ SWTPM_NVRAM_LoadData(unsigned char **data, /* freed by caller */
if (rc == 0) {
TPM_DEBUG(" SWTPM_NVRAM_LoadData: Opening file %s\n", filename);
- file = fopen(filename, "rb"); /* closed @1 */
- if (file == NULL) { /* if failure, determine cause */
+ fd = open(filename, O_RDONLY); /* closed @1 */
+ if (fd < 0) { /* if failure, determine cause */
if (errno == ENOENT) {
TPM_DEBUG("SWTPM_NVRAM_LoadData: No such file %s\n",
filename);
@@ -335,7 +336,7 @@ SWTPM_NVRAM_LoadData(unsigned char **data, /* freed by caller */
}
if (rc == 0) {
- if (fchmod(fileno(file), tpmstate_get_mode()) < 0) {
+ if (fchmod(fd, tpmstate_get_mode()) < 0) {
logprintf(STDERR_FILENO,
"SWTPM_NVRAM_LoadData: Could not fchmod %s : %s\n",
filename, strerror(errno));
@@ -345,34 +346,16 @@ SWTPM_NVRAM_LoadData(unsigned char **data, /* freed by caller */
/* determine the file length */
if (rc == 0) {
- irc = fseek(file, 0L, SEEK_END); /* seek to end of file */
+ irc = fstat(fd, &statbuf);
if (irc == -1L) {
logprintf(STDERR_FILENO,
- "SWTPM_NVRAM_LoadData: Error (fatal) fseek'ing %s, %s\n",
+ "SWTPM_NVRAM_LoadData: Error (fatal) fstat'ing %s, %s\n",
filename, strerror(errno));
rc = TPM_FAIL;
}
}
if (rc == 0) {
- lrc = ftell(file); /* get position in the stream */
- if (lrc == -1L) {
- logprintf(STDERR_FILENO,
- "SWTPM_NVRAM_LoadData: Error (fatal) ftell'ing %s, %s\n",
- filename, strerror(errno));
- rc = TPM_FAIL;
- }
- else {
- *length = (uint32_t)lrc; /* save the length */
- }
- }
- if (rc == 0) {
- irc = fseek(file, 0L, SEEK_SET); /* seek back to the beginning of the file */
- if (irc == -1L) {
- logprintf(STDERR_FILENO,
- "SWTPM_NVRAM_LoadData: Error (fatal) fseek'ing %s, %s\n",
- filename, strerror(errno));
- rc = TPM_FAIL;
- }
+ *length = statbuf.st_size; /* save the length */
}
/* allocate a buffer for the actual data */
if ((rc == 0) && *length != 0) {
@@ -387,7 +370,7 @@ SWTPM_NVRAM_LoadData(unsigned char **data, /* freed by caller */
}
/* read the contents of the file into the data buffer */
if ((rc == 0) && *length != 0) {
- src = fread(*data, 1, *length, file);
+ src = read(fd, *data, *length);
if (src != *length) {
logprintf(STDERR_FILENO,
"SWTPM_NVRAM_LoadData: Error (fatal), data read of %u "
@@ -396,9 +379,9 @@ SWTPM_NVRAM_LoadData(unsigned char **data, /* freed by caller */
}
}
/* close the file */
- if (file != NULL) {
+ if (fd >= 0) {
TPM_DEBUG(" SWTPM_NVRAM_LoadData: Closing file %s\n", filename);
- irc = fclose(file); /* @1 */
+ irc = close(fd); /* @1 */
if (irc != 0) {
logprintf(STDERR_FILENO,
"SWTPM_NVRAM_LoadData: Error (fatal) closing file %s\n",
@@ -473,7 +456,7 @@ SWTPM_NVRAM_StoreData_Intern(const unsigned char *data,
TPM_RESULT rc = 0;
uint32_t lrc;
int irc;
- FILE *file = NULL;
+ int fd = -1;
char tmpfile[FILENAME_MAX]; /* rooted temporary file */
char filename[FILENAME_MAX]; /* rooted file name from name */
unsigned char *filedata = NULL;
@@ -499,8 +482,9 @@ SWTPM_NVRAM_StoreData_Intern(const unsigned char *data,
if (rc == 0) {
/* open the file */
TPM_DEBUG(" SWTPM_NVRAM_StoreData: Opening file %s\n", tmpfile);
- file = fopen(tmpfile, "wb"); /* closed @1 */
- if (file == NULL) {
+ fd = open(tmpfile, O_WRONLY|O_CREAT|O_TRUNC|O_NOFOLLOW,
+ tpmstate_get_mode()); /* closed @1 */
+ if (fd < 0) {
logprintf(STDERR_FILENO,
"SWTPM_NVRAM_StoreData: Error (fatal) opening %s for "
"write failed, %s\n", tmpfile, strerror(errno));
@@ -508,15 +492,6 @@ SWTPM_NVRAM_StoreData_Intern(const unsigned char *data,
}
}
- if (rc == 0) {
- if (fchmod(fileno(file), tpmstate_get_mode()) < 0) {
- logprintf(STDERR_FILENO,
- "SWTPM_NVRAM_StoreData: Could not fchmod %s : %s\n",
- tmpfile, strerror(errno));
- rc = TPM_FAIL;
- }
- }
-
if (rc == 0) {
if (encrypt && SWTPM_NVRAM_Has_FileKey()) {
td_len = 3;
@@ -549,7 +524,7 @@ SWTPM_NVRAM_StoreData_Intern(const unsigned char *data,
/* write the data to the file */
if (rc == 0) {
TPM_DEBUG(" SWTPM_NVRAM_StoreData: Writing %u bytes of data\n", length);
- lrc = fwrite(filedata, 1, filedata_length, file);
+ lrc = write_full(fd, filedata, filedata_length);
if (lrc != filedata_length) {
logprintf(STDERR_FILENO,
"TPM_NVRAM_StoreData: Error (fatal), data write "
@@ -557,9 +532,9 @@ SWTPM_NVRAM_StoreData_Intern(const unsigned char *data,
rc = TPM_FAIL;
}
}
- if (file != NULL) {
+ if (fd >= 0) {
TPM_DEBUG(" SWTPM_NVRAM_StoreData: Closing file %s\n", tmpfile);
- irc = fclose(file); /* @1 */
+ irc = close(fd); /* @1 */
if (irc != 0) {
logprintf(STDERR_FILENO,
"SWTPM_NVRAM_StoreData: Error (fatal) closing file\n");
@@ -570,7 +545,7 @@ SWTPM_NVRAM_StoreData_Intern(const unsigned char *data,
}
}
- if (rc == 0 && file != NULL) {
+ if (rc == 0 && fd >= 0) {
irc = rename(tmpfile, filename);
if (irc != 0) {
logprintf(STDERR_FILENO,
@@ -582,7 +557,7 @@ SWTPM_NVRAM_StoreData_Intern(const unsigned char *data,
}
}
- if (rc != 0 && file != NULL) {
+ if (rc != 0 && fd >= 0) {
unlink(tmpfile);
}
--
2.27.0
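Review bot: In the SWTPM_NVRAM_LoadData hunks the read side still opens with `fd = open(filename, O_RDONLY);` — no `O_NOFOLLOW` — and then applies `fchmod(fd, tpmstate_get_mode())`, so a symlink placed under the state-file name is followed and its target's mode is changed, although the patch description says the statefile is no longer accessed through symlinks; unless symlinked state files are meant to be supported, `fd = open(filename, O_RDONLY|O_NOFOLLOW);` closes that. The `fstat()` result is used only for its size: `*length = statbuf.st_size;` narrows an `off_t` into a `uint32_t` with no range test, and nothing checks the file type; `if (!S_ISREG(statbuf.st_mode) || statbuf.st_size > UINT32_MAX) rc = TPM_FAIL;` before the assignment would cover both. On the store side, passing `tpmstate_get_mode()` as the mode argument of `open()` yields a mode masked by the process umask, whereas the removed `fchmod()` block set it exactly, so the temp file's mode may now differ from the configured one until a later load re-applies it. Both functions extend beyond the hunks shown.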


swtpm-091be80.tar.gz Normal file



@ -1,5 +1,8 @@
%bcond_without gnutls
%global gitdate 20200710
%global gitcommit 091be8054b5863ff86c5efcb072dcdd45e3696d1
%global gitshortcommit %(c=%{gitcommit}; echo ${c:0:7})
# Macros needed by SELinux
%global selinuxtype targeted
@ -9,10 +12,17 @@
Summary: TPM Emulator
Name: swtpm
Version: 0.3.3
Release: 1
Release: 5
License: BSD
Url: http://github.com/stefanberger/swtpm
Source0: %{url}/archive/%{name}-%{version}.tar.gz
Source0: %{url}/archive/%{gitcommit}/%{name}-%{gitshortcommit}.tar.gz
Patch00: 0000-swtpm-Check-header-size-indicator-against-expected-s.patch
Patch01: 0001-Disable-broken-tests.patch
Patch02: 0002-swtpm-Write-state-files-atomically-using-file-renami.patch
Patch03: 0003-swtpm_cert-Switch-to-open-from-fopen-for-writing-cer.patch
Patch04: 0004-swtpm-Do-not-follow-symlinks-when-opening-lockfile-C.patch
Patch05: 0005-swtpm-Switch-to-open-from-fopen-for-the-pidfile-CVE-.patch
Patch06: 0006-swtpm-Use-open-not-fopen-when-accessing-statefile-CV.patch
BuildRequires: automake
BuildRequires: autoconf
@ -25,7 +35,6 @@ BuildRequires: net-tools
BuildRequires: openssl-devel
BuildRequires: socat
BuildRequires: python3
BuildRequires: python3-twisted
BuildRequires: softhsm
BuildRequires: trousers >= 0.3.9
BuildRequires: tpm-tools >= 1.3.8-6
@ -72,7 +81,7 @@ Requires: trousers >= 0.3.9 tpm-tools >= 1.3.8-6 expect bash net-tools gnu
Tools for the TPM emulator from the swtpm package
%prep
%autosetup -n %{name}-%{version}
%autosetup -n %{name}-%{gitcommit} -p1
%build
@ -158,10 +167,21 @@ fi
%config(noreplace) %{_sysconfdir}/swtpm-localca.conf
%dir %{_datadir}/swtpm
%{_datadir}/swtpm/swtpm-localca
%attr( 755, @TSS_USER@, @TSS_GROUP@) %{_localstatedir}/lib/swtpm-localca
%attr( 755, tss, tss) %{_localstatedir}/lib/swtpm-localca
%changelog
* Mon Aug 24 2020 jiangfangjie <jiangfangjie> - 0.3.3-1
* Thu Jun 30 2022 yezengruan <yezengruan@huawei.com> - 0.3.3-5
- Addressed potential symlink attack issue (CVE-2020-28407)
* Thu Mar 17 2022 liyanan <liyanan32@huawei.com> - 0.3.3-4
- Disable broken test
* Wed Mar 9 2022 yaoxin <yaoxin30@huawei.com> - 0.3.3-3
- swtpm: Check header size indicator against expected size (CVE-2022-23645)
* Tue Sep 15 2020 jiangfangjie <jiangfangjie@huawei.com> - 0.3.3-2
- update spec file and disable test case pkcs11
* Mon Aug 24 2020 jiangfangjie <jiangfangjie@huawei.com> - 0.3.3-1
- Created initial version of rpm spec files
- Version is now 0.3.3
-