diff options
author | James Bottomley <James.Bottomley@HansenPartnership.com> | 2022-12-01 16:24:15 -0500 |
---|---|---|
committer | James Bottomley <James.Bottomley@HansenPartnership.com> | 2022-12-01 16:36:58 -0500 |
commit | b29730578bc1cf072953e4ace0492d916588eaeb (patch) | |
tree | 1f29f28e4abcfca4b45244ff40c0a081520fd672 | |
parent | b75b7d23351d3efb62317521fbbdf9177bacf1d4 (diff) | |
download | openssl_tpm2_engine-b29730578bc1cf072953e4ace0492d916588eaeb.tar.gz |
create_tpm2_key: fix uninitialized data problem
pcr_lock is created as an on stack variable and then updated
additively. On some platforms, the stack isn't zero, so it contains
bogus PCR settings that are never cleared which show up as additional
PCRs in the range the user hadn't requested. Fix this by zeroing the
entire on-stack structure before using it.
Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
-rw-r--r-- | create_tpm2_key.c | 4 |
1 files changed, 1 insertions, 3 deletions
diff --git a/create_tpm2_key.c b/create_tpm2_key.c index 530512d..d73071e 100644 --- a/create_tpm2_key.c +++ b/create_tpm2_key.c @@ -821,11 +821,9 @@ int main(int argc, char **argv) ENCRYPTED_SECRET_2B secret, *enc_secret = NULL; int restricted = 0; char *parent_str = NULL; - TPML_PCR_SELECTION pcr_lock; + TPML_PCR_SELECTION pcr_lock = { 0 }; int has_policy = 0; - pcr_lock.count = 0; - OpenSSL_add_all_digests(); /* may be needed to decrypt the key */ OpenSSL_add_all_ciphers(); |