From b1b1d6469964b61e710b08f25cbf01a7156d2ea5 Mon Sep 17 00:00:00 2001 From: "Yao, Jiewen" Date: Wed, 27 Jan 2016 12:16:47 +0000 Subject: [PATCH] SecurityPkg: Correct data copy in Tpm2NvReadPublic. 1) NvPublic.dataSize data should be got from original receive buffer, instead of returned NvPublic. 2) NvNameSize means the size of NvName without size field. The original code treats it to be size of NvName with size field, so the last 2 bytes are missing. This patch fixed problem. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: "Yao, Jiewen" Reviewed-by: "Zhang, Chao B" git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@19756 6f19259b-4bc3-4df7-8a09-765794883524
--- SecurityPkg/Library/Tpm2CommandLib/Tpm2NVStorage.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/SecurityPkg/Library/Tpm2CommandLib/Tpm2NVStorage.c b/SecurityPkg/Library/Tpm2CommandLib/Tpm2NVStorage.c
index 5fe48e1804..9508022132 100644
--- a/SecurityPkg/Library/Tpm2CommandLib/Tpm2NVStorage.c
+++ b/SecurityPkg/Library/Tpm2CommandLib/Tpm2NVStorage.c
@@ -250,11 +250,11 @@ Tpm2NvReadPublic (
 NvPublic->nvPublic.nameAlg = SwapBytes16 (NvPublic->nvPublic.nameAlg);
 WriteUnaligned32 ((UINT32 *)&NvPublic->nvPublic.attributes, SwapBytes32 (ReadUnaligned32 ((UINT32 *)&NvPublic->nvPublic.attributes)));
 NvPublic->nvPublic.authPolicy.size = SwapBytes16 (NvPublic->nvPublic.authPolicy.size);
- Buffer = (UINT8 *)&NvPublic->nvPublic.authPolicy;
+ Buffer = (UINT8 *)&RecvBuffer.NvPublic.nvPublic.authPolicy;
 Buffer += sizeof(UINT16) + NvPublic->nvPublic.authPolicy.size;
 NvPublic->nvPublic.dataSize = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer));
- CopyMem (NvName, (UINT8 *)&RecvBuffer + sizeof(TPM2_RESPONSE_HEADER) + sizeof(UINT16) + NvPublicSize, NvNameSize);
+ CopyMem (NvName->name, (UINT8 *)&RecvBuffer + sizeof(TPM2_RESPONSE_HEADER) + sizeof(UINT16) + NvPublicSize + sizeof(UINT16), NvNameSize);
 NvName->size = NvNameSize;
 return EFI_SUCCESS;
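Review bot: `authPolicy.size` comes from the TPM response and, in the lines visible here, is used unchecked in `Buffer += sizeof(UINT16) + NvPublic->nvPublic.authPolicy.size;`, so a malformed or tampered response can move the following `ReadUnaligned16` past the intended `dataSize` field and possibly past `RecvBuffer`. Unless an earlier check outside this hunk already bounds it, add a guard before the offset is computed, e.g. `if (NvPublic->nvPublic.authPolicy.size > sizeof (TPMU_HA)) { return EFI_DEVICE_ERROR; }`. The new `CopyMem` into `NvName->name` is likewise safe only if `NvNameSize` has been checked against the capacity of `NvName->name` and against the received response length. That cannot be confirmed from this hunk, because Tpm2NvReadPublic starts and ends outside it.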