search

tpm2-software / tpm2-tools

The source repository for the Trusted Platform Module (TPM2.0) tools
https://tpm2-software.github.io
717 stars 378 forks source link

tpm2_createpolicy segfaults if more than 12 PCRs are specified #1093

Closed oberien closed 5 years ago

oberien commented 6 years ago

When executing the following command with tpm2-tools 3.0.4

sudo tpm2_createpolicy -T device -f policy_pcr.file -P -g sha1 -L sha1:0,1,2,3,4,5,6,7,8,9,10,11,12

if more than 12 registers are specified (like 13 in this example), the function Tss2_Sys_GetTctiContext segfaults in the function sapi_teardown_full. The passed sapi_context pointer points to nonexistent memory according to gdb.

The policy is sucessfully written to the file, because it only segfaults in the teardown after command execution is finished.

https://github.com/tpm2-software/tpm2-tools/blob/12bfda88f02fa056ac10fbe8f1f901afa9b0ee67/tools/tpm2_tool.c#L59-L69

williamcroberts commented 5 years ago

Appears fixed on 9381559b055b4b7:

$ tpm2_pcrlist -L sha1:0,1,2,3,4,5,6,7,8,9,10,11,12 -o pcrs.out
$ tpm2_createpolicy --policy-pcr -F pcrs.out -g sha1 -L sha1:0,1,2,3,4,5,6,7,8,9,10,11,12 -o policy.dat
ERROR: Number of PCR is limited to 8
ERROR: Could not build pcr policy
ERROR: Unable to run tpm2_createpolicy
williamcroberts commented 5 years ago

Duplicate of #778