[PATCH] tpm: sysfs function buffer size fix

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Tue, 2006-04-11 at 11:18 -0700, Andrew Morton wrote:
> Kylene Jo Hall <[email protected]> wrote:
> >
> > > Does that look OK?
> > 
> >  No this is not ok because in several of these cases the response to the
> >  command is longer than tpm_cap thus the reason for the hardcoded size.
> 
> OK.
> 
> >  I can put in a max function though that compares the size of the
> >  response and the tpm_cap.  The read functions will make sure the
> >  response does not overflow the buffer should that length ever change in
> >  the future.
> 
> Well, pretty much anything which will automatically increase the size of
> that array in response to changing data structures would suit, thanks.

Will do.  Fixed in this patch for all the sysfs files.

This patch will determine the size of the buffer in the sysfs functions
based on the size of the command structure(s), such as tpm_cap, and the
known amount of data the command will return.  The receive functions are
smart enough not to overflow the buffer should the command response
change.

Signed-off-by: Kylie Hall <[email protected]>
---
 drivers/char/tpm/tpm.c |   15 +++++++--------
 1 files changed, 7 insertions(+), 8 deletions(-)

--- linux-2.6.17-rc1-mm2/drivers/char/tpm/tpm.c	2006-04-11 14:56:13.311776750 -0500
+++ linux-2.6.17-rc1/drivers/char/tpm/tpm.c	2006-04-11 15:03:29.427032250 -0500
@@ -490,7 +490,7 @@ static ssize_t transmit_cmd(struct tpm_c
 
 void tpm_gen_interrupt(struct tpm_chip *chip)
 {
-	u8 data[30];
+	u8 data[max(ARRAY_SIZE(tpm_cap), 30)];
 	ssize_t rc;
 
 	memcpy(data, tpm_cap, sizeof(tpm_cap));
@@ -504,7 +504,7 @@ EXPORT_SYMBOL_GPL(tpm_gen_interrupt);
 
 void tpm_get_timeouts(struct tpm_chip *chip)
 {
-	u8 data[30];
+	u8 data[max(ARRAY_SIZE(TPM_CAP), 30)];
 	ssize_t rc;
 	u32 timeout;
 
@@ -564,7 +564,6 @@ EXPORT_SYMBOL_GPL(tpm_get_timeouts);
 
 void tpm_continue_selftest(struct tpm_chip *chip)
 {
-
 	u8 data[] = {
 		0, 193,			/* TPM_TAG_RQU_COMMAND */
 		0, 0, 0, 10,		/* length */
@@ -578,7 +577,7 @@ EXPORT_SYMBOL_GPL(tpm_continue_selftest)
 ssize_t tpm_show_enabled(struct device * dev, struct device_attribute * attr,
 			char *buf)
 {
-	u8 data[35];
+	u8 data[max(ARRAY_SIZE(tpm_cap), 30)];
 	ssize_t rc;
 
 	struct tpm_chip *chip = dev_get_drvdata(dev);
@@ -600,7 +599,7 @@ EXPORT_SYMBOL_GPL(tpm_show_enabled);
 ssize_t tpm_show_active(struct device * dev, struct device_attribute * attr,
 			char *buf)
 {
-	u8 data[35];
+	u8 data[max(ARRAY_SIZE(tpm_cap), 35)];
 	ssize_t rc;
 
 	struct tpm_chip *chip = dev_get_drvdata(dev);
@@ -673,7 +672,7 @@ static const u8 pcrread[] = {
 ssize_t tpm_show_pcrs(struct device *dev, struct device_attribute *attr,
 		      char *buf)
 {
-	u8 data[30];
+	u8 data[max(max(ARRAY_SIZE(tpm_cap), ARRAY_SIZE(pcrread)), 30)];
 	ssize_t rc;
 	int i, j, num_pcrs;
 	__be32 index;
@@ -790,7 +789,7 @@ static const u8 cap_version[] = {
 ssize_t tpm_show_caps(struct device *dev, struct device_attribute *attr,
 		      char *buf)
 {
-	u8 data[30];
+	u8 data[max(max(ARRAY_SIZE(tpm_cap), ARRAY_SIZE(cap_version)), 30)];
 	ssize_t rc;
 	char *str = buf;
 
@@ -830,7 +829,7 @@ EXPORT_SYMBOL_GPL(tpm_show_caps);
 ssize_t tpm_show_caps_1_2(struct device * dev,
 			  struct device_attribute * attr, char *buf)
 {
-	u8 data[30];
+	u8 data[max(max(ARRAY_SIZE(tpm_cap), ARRAY_SIZE(cap_version)), 30)];
 	ssize_t len;
 	char *str = buf;
 


-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

[Index of Archives]     [Kernel Newbies]     [Netfilter]     [Bugtraq]     [Photo]     [Stuff]     [Gimp]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Video 4 Linux]     [Linux for the blind]     [Linux Resources]
  Powered by Linux