You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
case TPM_ALG_KEYEDHASH is missing the break statement at the end (line 180), causing the code execution to flow to the next case (TPM_ALG_SYMCIPHER). OutPublic->publicArea.parameters.keyedHashDetail is a union with OutPublic->publicArea.parameters.symDetail, so this means the unmarshaled data in case TPM_ALG_KEYEDHASH would be overwritten in case TPM_ALG_SYMCIPHER.
In addition, the buffer pointer is advanced in each TPM_ALG_XXX case, so the incorrect flow through to case TPM_ALG_SYMCIPHER would advance buffer more than it should, causing subsequent unmarshalling to go beyond the correct bounds.
The text was updated successfully, but these errors were encountered:
edk2/SecurityPkg/Library/Tpm2CommandLib/Tpm2Object.c
Lines 162 to 190 in 8f698f0
case TPM_ALG_KEYEDHASH
is missing the break statement at the end (line 180), causing the code execution to flow to the next case (TPM_ALG_SYMCIPHER
).OutPublic->publicArea.parameters.keyedHashDetail
is a union withOutPublic->publicArea.parameters.symDetail
, so this means the unmarshaled data incase TPM_ALG_KEYEDHASH
would be overwritten incase TPM_ALG_SYMCIPHER
.In addition, the
buffer
pointer is advanced in eachTPM_ALG_XXX
case, so the incorrect flow through tocase TPM_ALG_SYMCIPHER
would advancebuffer
more than it should, causing subsequent unmarshalling to go beyond the correct bounds.The text was updated successfully, but these errors were encountered: