From 818a8afb128a969f199ab386d4183f3439e3182f Mon Sep 17 00:00:00 2001
From: Hugel <2712504175@qq.com>
Date: Thu, 14 Jan 2021 15:17:14 +0800
Subject: [PATCH] fix CVE-2020-24455

---
 ...on-of-policy-callback-for-reading-PC.patch | 30 +++++++++++++++++++
 tpm2-tss.spec                                 | 10 ++++++-
 2 files changed, 39 insertions(+), 1 deletion(-)
 create mode 100644 backport-CVE-2020-24455-FAPI-Fix-execution-of-policy-callback-for-reading-PC.patch

diff --git a/backport-CVE-2020-24455-FAPI-Fix-execution-of-policy-callback-for-reading-PC.patch b/backport-CVE-2020-24455-FAPI-Fix-execution-of-policy-callback-for-reading-PC.patch
new file mode 100644
index 0000000..5003338
--- /dev/null
+++ b/backport-CVE-2020-24455-FAPI-Fix-execution-of-policy-callback-for-reading-PC.patch
@@ -0,0 +1,30 @@
+From ac935ca8bcb5227a599284799917c9c04c26e3ee Mon Sep 17 00:00:00 2001
+From: Juergen Repp <juergen.repp@sit.fraunhofer.de>
+Date: Fri, 21 Aug 2020 17:55:16 +0200
+Subject: [PATCH] FAPI: Fix execution of policy callback for reading PCR
+ registers.
+
+For Policy PCR current PCR registers of the TPM registers can be used to compute
+the policy digest. The counter in the computed PCR list was not set. Thus a empty
+PCR list was used for the policy digest computation.
+
+Signed-off-by: Juergen Repp <juergen.repp@sit.fraunhofer.de>
+---
+ src/tss2-fapi/ifapi_policy_callbacks.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/src/tss2-fapi/ifapi_policy_callbacks.c b/src/tss2-fapi/ifapi_policy_callbacks.c
+index c0600ae..887a2c3 100644
+--- a/src/tss2-fapi/ifapi_policy_callbacks.c
++++ b/src/tss2-fapi/ifapi_policy_callbacks.c
+@@ -364,6 +364,7 @@ ifapi_read_pcr(
+ 
+         /* Initialize digest list with pcr values from TPM */
+         i_pcr = 0;
++        (*pcr_values)->count = pcr_digests->count;
+         for (i = 0; i < out_selection->count; i++) {
+             for (pcr = 0; pcr < TPM2_MAX_PCRS; pcr++) {
+                 uint8_t byte_idx = pcr / 8;
+-- 
+1.8.3.1
+
diff --git a/tpm2-tss.spec b/tpm2-tss.spec
index 69a8b6d..75ca586 100644
--- a/tpm2-tss.spec
+++ b/tpm2-tss.spec
@@ -1,11 +1,13 @@
 Name:          tpm2-tss
 Version:       2.4.1
-Release:       1
+Release:       2
 Summary:       TPM2.0 Software Stack
 License:       BSD and TCGL
 URL:           https://github.com/tpm2-software/tpm2-tss
 Source0:       https://github.com/tpm2-software/tpm2-tss/releases/download/%{version}/%{name}-%{version}.tar.gz
 
+Patch0:        backport-CVE-2020-24455-FAPI-Fix-execution-of-policy-callback-for-reading-PC.patch
+
 BuildRequires: gcc-c++ autoconf-archive libtool pkgconfig systemd libgcrypt-devel openssl-devel json-c-devel libcurl-devel doxygen
 
 %description
@@ -68,6 +70,12 @@ make check
 %{_mandir}/man*/*
 
 %changelog
+* Thu Jan 14 2021 Hugel<gengqihu1@huawei.com> - 2.4.1-2
+- Type:CVE
+- ID:NA
+- SUG:NA
+- DESC: fix CVE-2020-24455
+
 * Mon Jul 27 2020 wanghongzhe<wanghongzhe@huawei.com> - 2.4.1-1
 - Type:enhancement
 - ID:NA
-- 
Gitee