fixed memory leaks

2011-11-22 22:29:40 +01:00 · 2011-11-22 22:29:40 +01:00 · b2485f321d
parent db103fada4
commit b2485f321d
5 changed files with 53 additions and 63 deletions
--- a/src/libimcv/plugins/imc_attestation/imc_attestation_process.c
+++ b/src/libimcv/plugins/imc_attestation/imc_attestation_process.c
@ -422,8 +422,6 @@ bool imc_attestation_process(pa_tnc_attr_t *attr, linked_list_t *attr_list,

 			use_quote2 = lib->settings->get_bool(lib->settings,
 							"libimcv.plugins.imc-attestation.use_quote2", TRUE);
-
-			/* Quote */
 			if (!pts->quote_tpm(pts, use_quote2, &pcr_composite, &quote_sig))
 			{
 				DBG1(DBG_IMC, "error occured during TPM quote operation");
@ -433,7 +431,7 @@ bool imc_attestation_process(pa_tnc_attr_t *attr, linked_list_t *attr_list,
 			/* Send Simple Evidence Final attribute */
 			flags = use_quote2 ? PTS_SIMPLE_EVID_FINAL_QUOTE_INFO2 :
 								 PTS_SIMPLE_EVID_FINAL_QUOTE_INFO;
-			comp_hash_algorithm == PTS_MEAS_ALGO_SHA1;
+			comp_hash_algorithm = PTS_MEAS_ALGO_SHA1;

 			attr = tcg_pts_attr_simple_evid_final_create(flags,
 								comp_hash_algorithm, pcr_composite, quote_sig);
--- a/src/libimcv/plugins/imv_attestation/imv_attestation_process.c
+++ b/src/libimcv/plugins/imv_attestation/imv_attestation_process.c
@ -318,18 +318,19 @@ bool imv_attestation_process(pa_tnc_attr_t *attr, linked_list_t *attr_list,
 				if (!pts->get_quote_info(pts, use_quote2, use_ver_info,
 						comp_hash_algorithm, &pcr_composite, &quote_info))
 				{
-					DBG1(DBG_IMV, "unable to compute TPM Quote Info");
+					DBG1(DBG_IMV, "unable to construct TPM Quote Info");
 					return FALSE;
 				}

 				if (!chunk_equals(pcr_comp, pcr_composite))
 				{
-					DBG1(DBG_IMV, "received and computed PCR Composite match");
+					DBG1(DBG_IMV, "received PCR Composite does not match "
+								  "constructed one");
 					free(pcr_composite.ptr);
 					free(quote_info.ptr);
 					return FALSE;
 				}
-				DBG2(DBG_IMV, "received and computed PCR Composite do not match");
+				DBG2(DBG_IMV, "received PCR Composite matches constructed one");
 				free(pcr_composite.ptr);

 				if (!pts->verify_quote_signature(pts, quote_info, tpm_quote_sig))
--- a/src/libpts/pts/pts.c
+++ b/src/libpts/pts/pts.c
@ -829,8 +829,7 @@ static void clear_pcrs(private_pts_t *this)
 }

 METHOD(pts_t, quote_tpm, bool,
-	private_pts_t *this, bool use_quote2, chunk_t *pcr_composite,
-	chunk_t *quote_signature)
+	private_pts_t *this, bool use_quote2, chunk_t *pcr_comp, chunk_t *quote_sig)
 {
 	TSS_HCONTEXT hContext;
 	TSS_HTPM hTPM;
@ -842,7 +841,7 @@ METHOD(pts_t, quote_tpm, bool,
 	TSS_HPCRS hPcrComposite;
 	TSS_VALIDATION valData;
 	TSS_RESULT result;
-	chunk_t pcr_comp, quote_sign;
+	chunk_t quote_info;
 	BYTE* versionInfo;
 	u_int32_t versionInfoSize, pcr, i = 0, f = 1;
 	bool success = FALSE;
@ -942,34 +941,28 @@ METHOD(pts_t, quote_tpm, bool,
 	}

 	/* Set output chunks */
-	pcr_comp = chunk_alloc(HASH_SIZE_SHA1);
+	*pcr_comp = chunk_alloc(HASH_SIZE_SHA1);
+
 	if (use_quote2)
 	{
 		/* TPM_Composite_Hash is last 20 bytes of TPM_Quote_Info2 structure */
-		memcpy(pcr_comp.ptr, valData.rgbData + valData.ulDataLength - HASH_SIZE_SHA1,
+		memcpy(pcr_comp->ptr, valData.rgbData + valData.ulDataLength - HASH_SIZE_SHA1,
 			   HASH_SIZE_SHA1);
 	}
 	else
 	{
 		/* TPM_Composite_Hash is 8-28th bytes of TPM_Quote_Info structure */
-		memcpy(pcr_comp.ptr, valData.rgbData + 8, HASH_SIZE_SHA1);
+		memcpy(pcr_comp->ptr, valData.rgbData + 8, HASH_SIZE_SHA1);
 	}
-	
-	*pcr_composite = pcr_comp;
-	*pcr_composite = chunk_clone(*pcr_composite);
-	DBG3(DBG_PTS, "Hash of PCR Composite: %B",pcr_composite);
+	DBG3(DBG_PTS, "Hash of PCR Composite: %#B", pcr_comp);

-	chunk_t tmp = chunk_create(valData.rgbData, valData.ulDataLength);
-	DBG3(DBG_PTS, "TPM Quote Info: %B",&tmp);
+	quote_info = chunk_create(valData.rgbData, valData.ulDataLength);
+	DBG3(DBG_PTS, "TPM Quote Info: %B",&quote_info);

-	quote_sign = chunk_alloc(valData.ulValidationDataLength);
-	memcpy(quote_sign.ptr, valData.rgbValidationData,
-							  valData.ulValidationDataLength);
-	*quote_signature = quote_sign;
-	*quote_signature = chunk_clone(*quote_signature);
-	DBG3(DBG_PTS, "TPM Quote Signature: %B",quote_signature);
+	*quote_sig = chunk_clone(chunk_create(valData.rgbValidationData,
+							  			   valData.ulValidationDataLength));
+	DBG3(DBG_PTS, "TPM Quote Signature: %B",quote_sig);

-	chunk_clear(&quote_sign);
 	success = TRUE;

 	/* Cleanup */
@ -1114,13 +1107,13 @@ METHOD(pts_t, does_pcr_value_match, bool,
 */

 METHOD(pts_t, get_quote_info, bool,
-	private_pts_t *this, bool use_quote2, bool ver_info_included,
-	pts_meas_algorithms_t composite_algo,
-	chunk_t *out_pcr_composite, chunk_t *out_quote_info)
+	private_pts_t *this, bool use_quote2, bool use_ver_info,
+	pts_meas_algorithms_t comp_hash_algo,
+	chunk_t *out_pcr_comp, chunk_t *out_quote_info)
 {
 	u_int8_t size_of_select;
-	int pcr_composite_len, i;
-	chunk_t pcr_composite, hash_pcr_composite;
+	int pcr_comp_len, i;
+	chunk_t pcr_comp, hash_pcr_comp;
 	bio_writer_t *writer;
 	hasher_t *hasher;

@ -1136,7 +1129,7 @@ METHOD(pts_t, get_quote_info, bool,
 					  "unable to construct TPM Quote Info");
 		return FALSE;
 	}
-	if (use_quote2 && ver_info_included && !this->tpm_version_info.ptr)
+	if (use_quote2 && use_ver_info && !this->tpm_version_info.ptr)
 	{
 		DBG1(DBG_PTS, "TPM Version Information unavailable, ",
 					  "unable to construct TPM Quote Info2");
@ -1144,10 +1137,9 @@ METHOD(pts_t, get_quote_info, bool,
 	}
 	
 	size_of_select = 1 + this->pcr_max / 8;	
-	pcr_composite_len = 2 + size_of_select +
-						4 + this->pcr_count * this->pcr_len;
+	pcr_comp_len = 2 + size_of_select + 4 + this->pcr_count * this->pcr_len;
 	
-	writer = bio_writer_create(pcr_composite_len);
+	writer = bio_writer_create(pcr_comp_len);

 	writer->write_uint16(writer, size_of_select);
 	for (i = 0; i < size_of_select; i++)
@ -1163,33 +1155,32 @@ METHOD(pts_t, get_quote_info, bool,
 			writer->write_data(writer, chunk_create(this->pcrs[i], this->pcr_len));
 		}
 	}
-	pcr_composite = chunk_clone(writer->get_buf(writer));
-	DBG3(DBG_PTS, "PCR Composite: %B", &pcr_composite);
+	pcr_comp = chunk_clone(writer->get_buf(writer));
+	DBG3(DBG_PTS, "constructed PCR Composite: %B", &pcr_comp);

 	writer->destroy(writer);

 	/* Output the TPM_PCR_COMPOSITE expected from IMC */
-	if (composite_algo)
+	if (comp_hash_algo)
 	{
 		hash_algorithm_t algo;

-		algo = pts_meas_algo_to_hash(composite_algo);
+		algo = pts_meas_algo_to_hash(comp_hash_algo);
 		hasher = lib->crypto->create_hasher(lib->crypto, algo);

 		/* Hash the PCR Composite Structure */
-		hasher->allocate_hash(hasher, pcr_composite, out_pcr_composite);
-		DBG3(DBG_PTS, "Hash of calculated PCR Composite: %B", out_pcr_composite);
+		hasher->allocate_hash(hasher, pcr_comp, out_pcr_comp);
+		DBG3(DBG_PTS, "constructed PCR Composite hash: %#B", out_pcr_comp);
 		hasher->destroy(hasher);
 	}
 	else
 	{
-		*out_pcr_composite = chunk_clone(pcr_composite);
-		DBG3(DBG_PTS, "calculated PCR Composite: %B", out_pcr_composite);
+		*out_pcr_comp = chunk_clone(pcr_comp);
 	}

 	/* SHA1 hash of PCR Composite to construct TPM_QUOTE_INFO */
 	hasher = lib->crypto->create_hasher(lib->crypto, HASH_SHA1);
-	hasher->allocate_hash(hasher, pcr_composite, &hash_pcr_composite);
+	hasher->allocate_hash(hasher, pcr_comp, &hash_pcr_comp);
 	hasher->destroy(hasher);

 	writer->write_data(writer, hash_pcr_composite);
@ -1239,9 +1230,9 @@ METHOD(pts_t, get_quote_info, bool,
 		writer->write_uint8(writer, TPM_LOC_ZERO);

 		/* PCR Composite Hash */
-		writer->write_data(writer, hash_pcr_composite);
+		writer->write_data(writer, hash_pcr_comp);

-		if (ver_info_included)
+		if (use_ver_info)
 		{
 			/* TPM version Info */
 			writer->write_data(writer, this->tpm_version_info);
@ -1256,20 +1247,19 @@ METHOD(pts_t, get_quote_info, bool,
 		writer->write_data(writer, chunk_create("QUOT", 4));

 		/* PCR Composite Hash */
-		writer->write_data(writer, hash_pcr_composite);
+		writer->write_data(writer, hash_pcr_comp);

 		/* Secret assessment value 20 bytes (nonce) */
 		writer->write_data(writer, this->secret);
 	}
-	
-	chunk_clear(&pcr_composite);
-	chunk_clear(&hash_pcr_composite);

 	/* TPM Quote Info */
 	*out_quote_info = chunk_clone(writer->get_buf(writer));
-	DBG3(DBG_PTS, "Calculated TPM Quote Info: %B", out_quote_info);
+	DBG3(DBG_PTS, "constructed TPM Quote Info: %B", out_quote_info);

 	writer->destroy(writer);
+	free(pcr_comp.ptr);
+	free(hash_pcr_comp.ptr);
 	clear_pcrs(this);

 	return TRUE;
--- a/src/libpts/pts/pts.h
+++ b/src/libpts/pts/pts.h
@ -323,13 +323,13 @@ struct pts_t {
 	 * Expects owner and SRK secret to be WELL_KNOWN_SECRET and no password set for AIK
 	 *
 	 * @param use_quote2		Version of the Quote funtion to be used
-	 * @param pcr_composite		Chunk to save pcr composite structure
-	 * @param quote_signature	Chunk to save quote operation output
+	 * @param pcr_comp			Chunk to save PCR composite structure
+	 * @param quote_sig			Chunk to save quote operation output
 	 *							without external data (anti-replay protection)
 	 * @return					FALSE in case of TSS error, TRUE otherwise
 	 */
-	 bool (*quote_tpm)(pts_t *this, bool use_quote2, chunk_t *pcr_composite,
-					   chunk_t *quote_signature);
+	 bool (*quote_tpm)(pts_t *this, bool use_quote2, chunk_t *pcr_comp,
+													 chunk_t *quote_sig);

 	 /**
 	 * Mark an extended PCR as selected
@ -348,27 +348,28 @@ struct pts_t {
 	 * @return					TRUE if PCR number and register length is valid
 	 */
 	bool (*add_pcr)(pts_t *this, u_int32_t pcr, chunk_t pcr_before,
-												 chunk_t pcr_after);
+												chunk_t pcr_after);

 	 /**
 	 * Constructs and returns TPM Quote Info structure expected from IMC
 	 *
 	 * @param use_quote2		Version of the TPM_QUOTE_INFO to be constructed
-	 * @param ver_info_included Version info is concatenated to TPM_QUOTE_INFO2
-	 * @param pcr_composite		Output variable to store PCR Composite
+	 * @param use_ver_info		Version info is concatenated to TPM_QUOTE_INFO2
+	 * @param comp_hash_algo	Composite Hash Algorithm
+	 * @param pcr_comp			Output variable to store PCR Composite
 	 * @param quote_info		Output variable to store TPM Quote Info
 	 * @return					FALSE in case of any error, TRUE otherwise
 	 */
 	 bool (*get_quote_info)(pts_t *this, bool use_quote2, bool ver_info_included,
-							pts_meas_algorithms_t composite_algo,
-							chunk_t *pcr_composite, chunk_t *quote_info);
+							pts_meas_algorithms_t comp_hash_algo,
+							chunk_t *pcr_comp, chunk_t *quote_info);

 	 /**
 	 * Constructs and returns PCR Quote Digest structure expected from IMC
 	 *
 	 * @param data				Calculated TPM Quote Digest
 	 * @param signature			TPM Quote Signature received from IMC
-	 * @return			FALSE in case signature is not verified, TRUE otherwise
+	 * @return					FALSE if signature is not verified
 	 */
 	 bool (*verify_quote_signature)(pts_t *this, chunk_t data, chunk_t signature);

--- a/src/libpts/tcg/tcg_pts_attr_simple_evid_final.c
+++ b/src/libpts/tcg/tcg_pts_attr_simple_evid_final.c
@ -287,7 +287,7 @@ METHOD(tcg_pts_attr_simple_evid_final_t, get_evid_sig, bool,
 METHOD(tcg_pts_attr_simple_evid_final_t, set_evid_sig, void,
 	private_tcg_pts_attr_simple_evid_final_t *this, chunk_t evid_sig)
 {
-	this->evid_sig = chunk_clone(evid_sig);
+	this->evid_sig = evid_sig;
 	this->has_evid_sig = TRUE;
 }

@ -320,8 +320,8 @@ pa_tnc_attr_t *tcg_pts_attr_simple_evid_final_create(u_int8_t flags,
 		.type = TCG_PTS_SIMPLE_EVID_FINAL,
 		.flags = flags,
 		.comp_hash_algorithm = comp_hash_algorithm,
-		.pcr_comp = chunk_clone(pcr_comp),
-		.tpm_quote_sig = chunk_clone(tpm_quote_sig),
+		.pcr_comp = pcr_comp,
+		.tpm_quote_sig = tpm_quote_sig,
 	);

 	return &this->public.pa_tnc_attribute;