resource-manager.c:965:get_cap_post_process: assertion failed

[williamcroberts]

ERROR:src/resource-manager.c:965:get_cap_post_process: assertion failed: (tpm2_response_get_code (resp) == TSS2_RC_SUCCESS)
TPM command server listening on port 2321
Platform server listening on port 2322

By code:

TPMS_CAPABILITY_DATA *cap_data = NULL;
TPMI_YES_NO more_data = TPM2_NO;
TSS2_RC rc = Esys_GetCapability(ectx,
    ESYS_TR_PASSWORD, ESYS_TR_NONE, ESYS_TR_NONE,
    TPM2_CAP_TPM_PROPERTIES,
    TPM2_PT_VAR,
    TPM2_MAX_TPM_PROPERTIES,
    &more_data, &cap_data);

Yes I understand the session is wrong... but it triggers this condition.

[tstruk]

Esys_GetCapability() only allows audit sessions or no session. Change ESYS_TR_PASSWORD to ESYS_TR_NONE.

[williamcroberts]

Esys_GetCapability() only allows audit sessions or no session. Change ESYS_TR_PASSWORD to ESYS_TR_NONE.

Yes I'm aware the code shouldn't work, but it is causing tpm2-abrmd to stop running. Misbehaving clients shouldn't kill the service.

[tstruk]

The reason why it stops running is because it is build in debug mode. g_assert is a debug macro and should be compiled out in the release build.

[williamcroberts]

The reason why it stops running is because it is build in debug mode. g_assert is a debug macro and should be compiled out in the release build.

I get that, i really do, but a debug build shouldn't make assertions on clients like this. Assertions should be on internal state not external state that hasn't been filtered or that is not within control of the program.

So I'll make this more clear, that assertion should be removed and either made to return an RM error to the client or just let the TPM return that error, so release and debug builds behave the same