From 072dd977d64d9c6ec051fbcb6318dff02bc5fbfd Mon Sep 17 00:00:00 2001
From: "Yao, Jiewen"
Date: Wed, 27 Jan 2016 12:16:47 +0000
Subject: SecurityPkg: Correct data copy in Tpm2NvReadPublic.

1) NvPublic.dataSize data should be got from original receive buffer, instead of returned NvPublic.
2) NvNameSize means the size of NvName without size field. The original code treats it to be size of NvName with size field, so the last 2 bytes are missing. This patch fixed problem.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: "Yao, Jiewen"
Reviewed-by: "Zhang, Chao B"
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@19756 6f19259b-4bc3-4df7-8a09-765794883524
(cherry picked from commit b1b1d6469964b61e710b08f25cbf01a7156d2ea5)
---
SecurityPkg/Library/Tpm2CommandLib/Tpm2NVStorage.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/SecurityPkg/Library/Tpm2CommandLib/Tpm2NVStorage.c b/SecurityPkg/Library/Tpm2CommandLib/Tpm2NVStorage.c
index 5fe48e1804..9508022132 100644
--- a/SecurityPkg/Library/Tpm2CommandLib/Tpm2NVStorage.c
+++ b/SecurityPkg/Library/Tpm2CommandLib/Tpm2NVStorage.c
@@ -250,11 +250,11 @@ Tpm2NvReadPublic (
 NvPublic->nvPublic.nameAlg = SwapBytes16 (NvPublic->nvPublic.nameAlg);
 WriteUnaligned32 ((UINT32 *)&NvPublic->nvPublic.attributes, SwapBytes32 (ReadUnaligned32 ((UINT32 *)&NvPublic->nvPublic.attributes)));
 NvPublic->nvPublic.authPolicy.size = SwapBytes16 (NvPublic->nvPublic.authPolicy.size);
- Buffer = (UINT8 *)&NvPublic->nvPublic.authPolicy;
+ Buffer = (UINT8 *)&RecvBuffer.NvPublic.nvPublic.authPolicy;
 Buffer += sizeof(UINT16) + NvPublic->nvPublic.authPolicy.size;
 NvPublic->nvPublic.dataSize = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer));
- CopyMem (NvName, (UINT8 *)&RecvBuffer + sizeof(TPM2_RESPONSE_HEADER) + sizeof(UINT16) + NvPublicSize, NvNameSize);
+ CopyMem (NvName->name, (UINT8 *)&RecvBuffer + sizeof(TPM2_RESPONSE_HEADER) + sizeof(UINT16) + NvPublicSize + sizeof(UINT16), NvNameSize);
 NvName->size = NvNameSize;
 return EFI_SUCCESS;
--
cgit v1.2.3
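Review bot: `NvNameSize`, `NvPublicSize` and `NvPublic->nvPublic.authPolicy.size` look like they come from the TPM response, yet the hunk uses them as a copy length and as offsets with no bound visible here. The corrected `CopyMem` writes `NvNameSize` bytes into `NvName->name`, and the `dataSize` read lands `sizeof(UINT16) + authPolicy.size` bytes past `RecvBuffer.NvPublic.nvPublic.authPolicy`, so a malformed or oversized response could read or write outside those structures. Unless the part of `Tpm2NvReadPublic` above the hunk already validates them, add guards before these lines, e.g. `if (NvNameSize > sizeof (NvName->name)) { return EFI_DEVICE_ERROR; }`, plus an equivalent check of `authPolicy.size` against the size of the authPolicy buffer. The function begins before the hunk and its closing lines are outside it, so existing checks may simply not be shown.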