tpm2-software / tpm2-tools

The source repository for the Trusted Platform Module (TPM2.0) tools
https://tpm2-software.github.io

Various `illegal seek`s caused by file size sniffing #2789

Open grahamc opened 3 years ago

grahamc commented 3 years ago

Today I've run into illegal seek errors due to passing in pipes to `tpm2 create --sealing-input`, and the `file:` authorization format. This is because the code to read from stdin special-cases `-` and doesn't check the file size. However, there are many cases where a file size is not available.

The code in question is here:

https://github.com/tpm2-software/tpm2-tools/blob/e6f50be2d7348385df8f25bd08b1a5bc06da6e47/lib/files.c#L134-L148

and I see the value of the error message, but I wonder if it would be better to emit the error if the buffer is full if there are more bytes to read after calling readx?

In general not being able to pass pipes makes it harder to avoid putting secrets on disk or in argv while passing them to the tpm.

An example of passing a pipe:

```
[nix-shell:~/what]# tpm2 create --parent-context=primary.ctx --key-auth=file:- --sealing-input <(dd if=/dev/urandom bs=32 count=1 | base64) --public=secret.pub --private=secret.priv
1+0 records in
1+0 records out
32 bytes copied, 4.9888e-05 s, 641 kB/s
ERROR: Error getting current file offset for file "/dev/fd/63" error: Illegal seek
ERROR: Unable to run create
```

williamcroberts commented 3 years ago

Yeah, we could probably just avoid `fseek`/`ftell` altogether and read up to X requested bytes and fail if not EOF state.