From: Andreas Steffen Date: Tue, 22 Nov 2011 21:29:40 +0000 (+0100) Subject: fixed memory leaks X-Git-Tag: 4.6.2~171 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=b2485f321d251f9d485390b799e8cd864ce82ddb;p=thirdparty%2Fstrongswan.git fixed memory leaks --- diff --git a/src/libimcv/plugins/imc_attestation/imc_attestation_process.c b/src/libimcv/plugins/imc_attestation/imc_attestation_process.c index 94773afe78..0e37a5f05f 100644 --- a/src/libimcv/plugins/imc_attestation/imc_attestation_process.c +++ b/src/libimcv/plugins/imc_attestation/imc_attestation_process.c @@ -422,8 +422,6 @@ bool imc_attestation_process(pa_tnc_attr_t *attr, linked_list_t *attr_list, use_quote2 = lib->settings->get_bool(lib->settings, "libimcv.plugins.imc-attestation.use_quote2", TRUE); - - /* Quote */ if (!pts->quote_tpm(pts, use_quote2, &pcr_composite, "e_sig)) { DBG1(DBG_IMC, "error occured during TPM quote operation"); @@ -433,7 +431,7 @@ bool imc_attestation_process(pa_tnc_attr_t *attr, linked_list_t *attr_list, /* Send Simple Evidence Final attribute */ flags = use_quote2 ? PTS_SIMPLE_EVID_FINAL_QUOTE_INFO2 : PTS_SIMPLE_EVID_FINAL_QUOTE_INFO; - comp_hash_algorithm == PTS_MEAS_ALGO_SHA1; + comp_hash_algorithm = PTS_MEAS_ALGO_SHA1; attr = tcg_pts_attr_simple_evid_final_create(flags, comp_hash_algorithm, pcr_composite, quote_sig); diff --git a/src/libimcv/plugins/imv_attestation/imv_attestation_process.c b/src/libimcv/plugins/imv_attestation/imv_attestation_process.c index 194bb8b4db..5fa76121b3 100644 --- a/src/libimcv/plugins/imv_attestation/imv_attestation_process.c +++ b/src/libimcv/plugins/imv_attestation/imv_attestation_process.c @@ -318,18 +318,19 @@ bool imv_attestation_process(pa_tnc_attr_t *attr, linked_list_t *attr_list, if (!pts->get_quote_info(pts, use_quote2, use_ver_info, comp_hash_algorithm, &pcr_composite, "e_info)) { - DBG1(DBG_IMV, "unable to compute TPM Quote Info"); + DBG1(DBG_IMV, "unable to construct TPM Quote Info"); return FALSE; } if (!chunk_equals(pcr_comp, pcr_composite)) { - DBG1(DBG_IMV, "received and computed PCR Composite match"); + DBG1(DBG_IMV, "received PCR Composite does not match " + "constructed one"); free(pcr_composite.ptr); free(quote_info.ptr); return FALSE; } - DBG2(DBG_IMV, "received and computed PCR Composite do not match"); + DBG2(DBG_IMV, "received PCR Composite matches constructed one"); free(pcr_composite.ptr); if (!pts->verify_quote_signature(pts, quote_info, tpm_quote_sig)) diff --git a/src/libpts/pts/pts.c b/src/libpts/pts/pts.c index 7df2ff035f..c2d3d7d72a 100644 --- a/src/libpts/pts/pts.c +++ b/src/libpts/pts/pts.c @@ -829,8 +829,7 @@ static void clear_pcrs(private_pts_t *this) } METHOD(pts_t, quote_tpm, bool, - private_pts_t *this, bool use_quote2, chunk_t *pcr_composite, - chunk_t *quote_signature) + private_pts_t *this, bool use_quote2, chunk_t *pcr_comp, chunk_t *quote_sig) { TSS_HCONTEXT hContext; TSS_HTPM hTPM; @@ -842,7 +841,7 @@ METHOD(pts_t, quote_tpm, bool, TSS_HPCRS hPcrComposite; TSS_VALIDATION valData; TSS_RESULT result; - chunk_t pcr_comp, quote_sign; + chunk_t quote_info; BYTE* versionInfo; u_int32_t versionInfoSize, pcr, i = 0, f = 1; bool success = FALSE; @@ -942,34 +941,28 @@ METHOD(pts_t, quote_tpm, bool, } /* Set output chunks */ - pcr_comp = chunk_alloc(HASH_SIZE_SHA1); + *pcr_comp = chunk_alloc(HASH_SIZE_SHA1); + if (use_quote2) { /* TPM_Composite_Hash is last 20 bytes of TPM_Quote_Info2 structure */ - memcpy(pcr_comp.ptr, valData.rgbData + valData.ulDataLength - HASH_SIZE_SHA1, + memcpy(pcr_comp->ptr, valData.rgbData + valData.ulDataLength - HASH_SIZE_SHA1, HASH_SIZE_SHA1); } else { /* TPM_Composite_Hash is 8-28th bytes of TPM_Quote_Info structure */ - memcpy(pcr_comp.ptr, valData.rgbData + 8, HASH_SIZE_SHA1); + memcpy(pcr_comp->ptr, valData.rgbData + 8, HASH_SIZE_SHA1); } - - *pcr_composite = pcr_comp; - *pcr_composite = chunk_clone(*pcr_composite); - DBG3(DBG_PTS, "Hash of PCR Composite: %B",pcr_composite); + DBG3(DBG_PTS, "Hash of PCR Composite: %#B", pcr_comp); - chunk_t tmp = chunk_create(valData.rgbData, valData.ulDataLength); - DBG3(DBG_PTS, "TPM Quote Info: %B",&tmp); + quote_info = chunk_create(valData.rgbData, valData.ulDataLength); + DBG3(DBG_PTS, "TPM Quote Info: %B","e_info); - quote_sign = chunk_alloc(valData.ulValidationDataLength); - memcpy(quote_sign.ptr, valData.rgbValidationData, - valData.ulValidationDataLength); - *quote_signature = quote_sign; - *quote_signature = chunk_clone(*quote_signature); - DBG3(DBG_PTS, "TPM Quote Signature: %B",quote_signature); + *quote_sig = chunk_clone(chunk_create(valData.rgbValidationData, + valData.ulValidationDataLength)); + DBG3(DBG_PTS, "TPM Quote Signature: %B",quote_sig); - chunk_clear("e_sign); success = TRUE; /* Cleanup */ @@ -1114,13 +1107,13 @@ METHOD(pts_t, does_pcr_value_match, bool, */ METHOD(pts_t, get_quote_info, bool, - private_pts_t *this, bool use_quote2, bool ver_info_included, - pts_meas_algorithms_t composite_algo, - chunk_t *out_pcr_composite, chunk_t *out_quote_info) + private_pts_t *this, bool use_quote2, bool use_ver_info, + pts_meas_algorithms_t comp_hash_algo, + chunk_t *out_pcr_comp, chunk_t *out_quote_info) { u_int8_t size_of_select; - int pcr_composite_len, i; - chunk_t pcr_composite, hash_pcr_composite; + int pcr_comp_len, i; + chunk_t pcr_comp, hash_pcr_comp; bio_writer_t *writer; hasher_t *hasher; @@ -1136,7 +1129,7 @@ METHOD(pts_t, get_quote_info, bool, "unable to construct TPM Quote Info"); return FALSE; } - if (use_quote2 && ver_info_included && !this->tpm_version_info.ptr) + if (use_quote2 && use_ver_info && !this->tpm_version_info.ptr) { DBG1(DBG_PTS, "TPM Version Information unavailable, ", "unable to construct TPM Quote Info2"); @@ -1144,10 +1137,9 @@ METHOD(pts_t, get_quote_info, bool, } size_of_select = 1 + this->pcr_max / 8; - pcr_composite_len = 2 + size_of_select + - 4 + this->pcr_count * this->pcr_len; + pcr_comp_len = 2 + size_of_select + 4 + this->pcr_count * this->pcr_len; - writer = bio_writer_create(pcr_composite_len); + writer = bio_writer_create(pcr_comp_len); writer->write_uint16(writer, size_of_select); for (i = 0; i < size_of_select; i++) @@ -1163,33 +1155,32 @@ METHOD(pts_t, get_quote_info, bool, writer->write_data(writer, chunk_create(this->pcrs[i], this->pcr_len)); } } - pcr_composite = chunk_clone(writer->get_buf(writer)); - DBG3(DBG_PTS, "PCR Composite: %B", &pcr_composite); + pcr_comp = chunk_clone(writer->get_buf(writer)); + DBG3(DBG_PTS, "constructed PCR Composite: %B", &pcr_comp); writer->destroy(writer); /* Output the TPM_PCR_COMPOSITE expected from IMC */ - if (composite_algo) + if (comp_hash_algo) { hash_algorithm_t algo; - algo = pts_meas_algo_to_hash(composite_algo); + algo = pts_meas_algo_to_hash(comp_hash_algo); hasher = lib->crypto->create_hasher(lib->crypto, algo); /* Hash the PCR Composite Structure */ - hasher->allocate_hash(hasher, pcr_composite, out_pcr_composite); - DBG3(DBG_PTS, "Hash of calculated PCR Composite: %B", out_pcr_composite); + hasher->allocate_hash(hasher, pcr_comp, out_pcr_comp); + DBG3(DBG_PTS, "constructed PCR Composite hash: %#B", out_pcr_comp); hasher->destroy(hasher); } else { - *out_pcr_composite = chunk_clone(pcr_composite); - DBG3(DBG_PTS, "calculated PCR Composite: %B", out_pcr_composite); + *out_pcr_comp = chunk_clone(pcr_comp); } /* SHA1 hash of PCR Composite to construct TPM_QUOTE_INFO */ hasher = lib->crypto->create_hasher(lib->crypto, HASH_SHA1); - hasher->allocate_hash(hasher, pcr_composite, &hash_pcr_composite); + hasher->allocate_hash(hasher, pcr_comp, &hash_pcr_comp); hasher->destroy(hasher); writer->write_data(writer, hash_pcr_composite); @@ -1239,9 +1230,9 @@ METHOD(pts_t, get_quote_info, bool, writer->write_uint8(writer, TPM_LOC_ZERO); /* PCR Composite Hash */ - writer->write_data(writer, hash_pcr_composite); + writer->write_data(writer, hash_pcr_comp); - if (ver_info_included) + if (use_ver_info) { /* TPM version Info */ writer->write_data(writer, this->tpm_version_info); @@ -1256,20 +1247,19 @@ METHOD(pts_t, get_quote_info, bool, writer->write_data(writer, chunk_create("QUOT", 4)); /* PCR Composite Hash */ - writer->write_data(writer, hash_pcr_composite); + writer->write_data(writer, hash_pcr_comp); /* Secret assessment value 20 bytes (nonce) */ writer->write_data(writer, this->secret); } - - chunk_clear(&pcr_composite); - chunk_clear(&hash_pcr_composite); /* TPM Quote Info */ *out_quote_info = chunk_clone(writer->get_buf(writer)); - DBG3(DBG_PTS, "Calculated TPM Quote Info: %B", out_quote_info); + DBG3(DBG_PTS, "constructed TPM Quote Info: %B", out_quote_info); writer->destroy(writer); + free(pcr_comp.ptr); + free(hash_pcr_comp.ptr); clear_pcrs(this); return TRUE; diff --git a/src/libpts/pts/pts.h b/src/libpts/pts/pts.h index c6a5ffbb4e..095fe07181 100644 --- a/src/libpts/pts/pts.h +++ b/src/libpts/pts/pts.h @@ -323,13 +323,13 @@ struct pts_t { * Expects owner and SRK secret to be WELL_KNOWN_SECRET and no password set for AIK * * @param use_quote2 Version of the Quote funtion to be used - * @param pcr_composite Chunk to save pcr composite structure - * @param quote_signature Chunk to save quote operation output + * @param pcr_comp Chunk to save PCR composite structure + * @param quote_sig Chunk to save quote operation output * without external data (anti-replay protection) * @return FALSE in case of TSS error, TRUE otherwise */ - bool (*quote_tpm)(pts_t *this, bool use_quote2, chunk_t *pcr_composite, - chunk_t *quote_signature); + bool (*quote_tpm)(pts_t *this, bool use_quote2, chunk_t *pcr_comp, + chunk_t *quote_sig); /** * Mark an extended PCR as selected @@ -348,27 +348,28 @@ struct pts_t { * @return TRUE if PCR number and register length is valid */ bool (*add_pcr)(pts_t *this, u_int32_t pcr, chunk_t pcr_before, - chunk_t pcr_after); + chunk_t pcr_after); /** * Constructs and returns TPM Quote Info structure expected from IMC * * @param use_quote2 Version of the TPM_QUOTE_INFO to be constructed - * @param ver_info_included Version info is concatenated to TPM_QUOTE_INFO2 - * @param pcr_composite Output variable to store PCR Composite + * @param use_ver_info Version info is concatenated to TPM_QUOTE_INFO2 + * @param comp_hash_algo Composite Hash Algorithm + * @param pcr_comp Output variable to store PCR Composite * @param quote_info Output variable to store TPM Quote Info * @return FALSE in case of any error, TRUE otherwise */ bool (*get_quote_info)(pts_t *this, bool use_quote2, bool ver_info_included, - pts_meas_algorithms_t composite_algo, - chunk_t *pcr_composite, chunk_t *quote_info); + pts_meas_algorithms_t comp_hash_algo, + chunk_t *pcr_comp, chunk_t *quote_info); /** * Constructs and returns PCR Quote Digest structure expected from IMC * * @param data Calculated TPM Quote Digest * @param signature TPM Quote Signature received from IMC - * @return FALSE in case signature is not verified, TRUE otherwise + * @return FALSE if signature is not verified */ bool (*verify_quote_signature)(pts_t *this, chunk_t data, chunk_t signature); diff --git a/src/libpts/tcg/tcg_pts_attr_simple_evid_final.c b/src/libpts/tcg/tcg_pts_attr_simple_evid_final.c index a621164bf8..e610da35ce 100644 --- a/src/libpts/tcg/tcg_pts_attr_simple_evid_final.c +++ b/src/libpts/tcg/tcg_pts_attr_simple_evid_final.c @@ -287,7 +287,7 @@ METHOD(tcg_pts_attr_simple_evid_final_t, get_evid_sig, bool, METHOD(tcg_pts_attr_simple_evid_final_t, set_evid_sig, void, private_tcg_pts_attr_simple_evid_final_t *this, chunk_t evid_sig) { - this->evid_sig = chunk_clone(evid_sig); + this->evid_sig = evid_sig; this->has_evid_sig = TRUE; } @@ -320,8 +320,8 @@ pa_tnc_attr_t *tcg_pts_attr_simple_evid_final_create(u_int8_t flags, .type = TCG_PTS_SIMPLE_EVID_FINAL, .flags = flags, .comp_hash_algorithm = comp_hash_algorithm, - .pcr_comp = chunk_clone(pcr_comp), - .tpm_quote_sig = chunk_clone(tpm_quote_sig), + .pcr_comp = pcr_comp, + .tpm_quote_sig = tpm_quote_sig, ); return &this->public.pa_tnc_attribute;