1. 25 Sep, 2011 12 commits
  2. 23 Sep, 2011 26 commits
  3. 22 Sep, 2011 2 commits
    • Peter Huewe's avatar
      TPM: Zero buffer after copying to userspace · 3321c07a
      Peter Huewe authored
      Since the buffer might contain security related data it might be a good idea to
      zero the buffer after we have copied it to userspace.
      
      This got assigned CVE-2011-1162.
      Signed-off-by: default avatarRajiv Andrade <srajiv@linux.vnet.ibm.com>
      Cc: Stable Kernel <stable@kernel.org>
      Signed-off-by: default avatarJames Morris <jmorris@namei.org>
      3321c07a
    • Peter Huewe's avatar
      TPM: Call tpm_transmit with correct size · 6b07d30a
      Peter Huewe authored
      This patch changes the call of tpm_transmit by supplying the size of the
      userspace buffer instead of TPM_BUFSIZE.
      
      This got assigned CVE-2011-1161.
      
      [The first hunk didn't make sense given one could expect
       way less data than TPM_BUFSIZE, so added tpm_transmit boundary
       check over bufsiz instead
       The last parameter of tpm_transmit() reflects the amount
       of data expected from the device, and not the buffer size
       being supplied to it. It isn't ideal to parse it directly,
       so we just set it to the maximum the input buffer can handle
       and let the userspace API to do such job.]
      Signed-off-by: default avatarRajiv Andrade <srajiv@linux.vnet.ibm.com>
      Cc: Stable Kernel <stable@kernel.org>
      Signed-off-by: default avatarJames Morris <jmorris@namei.org>
      6b07d30a