File 0001-tpm2_checkquote-Fix-check-of-magic-number.patch of Package tpm2.0-tools

From 66d922d6547b7b4fe4f274fb2ec10b376e0e259c Mon Sep 17 00:00:00 2001
From: Juergen Repp <juergen_repp@web.de>
Date: Tue, 31 Oct 2023 11:29:50 +0100
Subject: [PATCH] tpm2_checkquote: Fix check of magic number.

It was not checked whether the magic number in the
attest is equal to TPM2_GENERATED_VALUE.
So a malicious attacker could generate arbitrary quote data
which was not detected by tpm2 checkquote.

Fixes: CVE-2024-29038

Signed-off-by: Juergen Repp <juergen_repp@web.de>
---
 tools/misc/tpm2_checkquote.c | 7 +++++++
 1 file changed, 7 insertions(+)

Index: tpm2-tools-5.2/tools/misc/tpm2_checkquote.c
===================================================================
--- tpm2-tools-5.2.orig/tools/misc/tpm2_checkquote.c
+++ tpm2-tools-5.2/tools/misc/tpm2_checkquote.c
@@ -115,6 +115,13 @@ static bool verify(void) {
         goto err;
     }
 
+    // check magic
+    if (ctx.attest.magic != TPM2_GENERATED_VALUE) {
+        LOG_ERR("Bad magic, got: 0x%x, expected: 0x%x",
+                ctx.attest.magic, TPM2_GENERATED_VALUE);
+        return false;
+    }
+
     // Also ensure digest from quote matches PCR digest
     if (ctx.flags.pcr) {
         if (!tpm2_util_verify_digests(&ctx.attest.attested.quote.pcrDigest,
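Review bot: The new magic check leaves verify() with "return false;", while the failure path in the context lines directly above it exits through "goto err;". If the err label releases resources or reports the failure, this branch skips it; use "goto err;" here so the function keeps a single failure exit, or confirm that nothing acquired before this point needs cleanup. The diffstat shows only tpm2_checkquote.c changing, so a regression test that feeds a quote whose magic differs from TPM2_GENERATED_VALUE and expects rejection would be worth adding alongside this fix.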