From 0f122ba3f7bdee12f8ee725db41d90e737fb3e49 Mon Sep 17 00:00:00 2001
From: Juergen Repp <juergen_repp@web.de>
Date: Tue, 31 Oct 2023 11:29:50 +0100
Subject: [PATCH 5/6] tpm2_checkquote: Fix check of magic number.

It was not checked whether the magic number in the
attest is equal to TPM2_GENERATED_VALUE.
So a malicious attacker could generate arbitrary quote data
which was not detected by tpm2 checkquote.

Fixes: CVE-2024-29038

Signed-off-by: Juergen Repp <juergen_repp@web.de>
---
tools/misc/tpm2_checkquote.c | 7 +++++++
1 file changed, 7 insertions(+)

diff --git a/tools/misc/tpm2_checkquote.c b/tools/misc/tpm2_checkquote.c
index 8a2a154e..5083d855 100644
--- a/tools/misc/tpm2_checkquote.c
+++ b/tools/misc/tpm2_checkquote.c
@@ -146,6 +146,13 @@ static bool verify(void) {
goto err;
}
+ // check magic
+ if (ctx.attest.magic != TPM2_GENERATED_VALUE) {
+ LOG_ERR("Bad magic, got: 0x%x, expected: 0x%x",
+ ctx.attest.magic, TPM2_GENERATED_VALUE);
+ return false;
+ }
+
// Also ensure digest from quote matches PCR digest
if (ctx.flags.pcr) {
if (!tpm2_util_verify_digests(&ctx.attest.attested.quote.pcrDigest,
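Review bot: The new magic check in verify() leaves the function with `return false;`, while the failure path in the context lines directly above it uses `goto err;`. If the `err` label releases anything acquired earlier in verify(), the direct return skips that cleanup on exactly the path a forged attest would take. Suggest `goto err;` here so all failure exits share one path. Separately, the diffstat shows only tools/misc/tpm2_checkquote.c changed, so nothing in this patch exercises the new branch; a regression test that feeds tpm2_checkquote an attest whose magic differs from TPM2_GENERATED_VALUE and expects a verification failure would keep this check from regressing silently.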
--
2.45.2