search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
vscode-extensions.github.copilot{*}: bump (#364729)
[NixPkgs.git] / pkgs / os-specific / linux / systemd / 0015-tpm2_context_init-fix-driver-name-checking.patch
blob57ca20fdcbf774f24c3d4ac1d185825a051fc673
1 From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
2 From: Nick Cao <nickcao@nichi.co>
3 Date: Sun, 15 Jan 2023 20:15:55 +0800
4 Subject: [PATCH] tpm2_context_init: fix driver name checking
5
6 https://github.com/systemd/systemd/commit/542dbc623e introduced
7 additional checks for tpm2 driver names, namely ensuring the driver
8 name, when concated with "libtss2-tcti-" and ".so.0", generates a valid
9 filename (with no '/' inside).
10
11 For example, if the driver is name "device", the line
12 fn = strjoina("libtss2-tcti-", driver, ".so.0")
13 would yield "libtss2-tcti-device.so.0", passing the check. And the
14 filename is then passed to dlopen for loading the driver.
15
16 Our current approach for systemd to correctly locate these dynamically
17 loaded libraries is to patch the filenames to include their absolute
18 path. Thus the line mentioned above is patched into
19 fn = strjoina("/nix/store/xxxxxxx-tpm2-tss-3.2.0/lib/libtss2-tcti-", driver, ".so.0")
20 yielding "/nix/store/xxxxxxx-tpm2-tss-3.2.0/lib/libtss2-tcti-device.so.0",
21 tripping the check.
22
23 This patch relaxes the check to also accept absolute paths, by replacing
24 filename_is_valid with path_is_valid.
25 ---
26 src/shared/tpm2-util.c | 2 +-
27 1 file changed, 1 insertion(+), 1 deletion(-)
28
29 diff --git a/src/shared/tpm2-util.c b/src/shared/tpm2-util.c
30 index 10a78adfaf..6493d5d270 100644
31 --- a/src/shared/tpm2-util.c
32 +++ b/src/shared/tpm2-util.c
33 @@ -670,7 +670,7 @@ int tpm2_context_new(const char *device, Tpm2Context **ret_context) {
34 fn = strjoina("libtss2-tcti-", driver, ".so.0");
35
36 /* Better safe than sorry, let's refuse strings that cannot possibly be valid driver early, before going to disk. */
37 - if (!filename_is_valid(fn))
38 + if (!path_is_valid(fn))
39 return log_debug_errno(SYNTHETIC_ERRNO(EINVAL), "TPM2 driver name '%s' not valid, refusing.", driver);
40
41 context->tcti_dl = dlopen(fn, RTLD_NOW);
Nix packages repository - mirror of https://github.com/NixOS/nixpkgs