fixed memory leaks
authorAndreas Steffen <andreas.steffen@strongswan.org>
Tue, 22 Nov 2011 21:29:40 +0000 (22:29 +0100)
committerAndreas Steffen <andreas.steffen@strongswan.org>
Mon, 28 Nov 2011 20:22:51 +0000 (21:22 +0100)
src/libimcv/plugins/imc_attestation/imc_attestation_process.c
src/libimcv/plugins/imv_attestation/imv_attestation_process.c
src/libpts/pts/pts.c
src/libpts/pts/pts.h
src/libpts/tcg/tcg_pts_attr_simple_evid_final.c

index 94773af..0e37a5f 100644 (file)
@@ -422,8 +422,6 @@ bool imc_attestation_process(pa_tnc_attr_t *attr, linked_list_t *attr_list,
 
                        use_quote2 = lib->settings->get_bool(lib->settings,
                                                        "libimcv.plugins.imc-attestation.use_quote2", TRUE);
-
-                       /* Quote */
                        if (!pts->quote_tpm(pts, use_quote2, &pcr_composite, &quote_sig))
                        {
                                DBG1(DBG_IMC, "error occured during TPM quote operation");
@@ -433,7 +431,7 @@ bool imc_attestation_process(pa_tnc_attr_t *attr, linked_list_t *attr_list,
                        /* Send Simple Evidence Final attribute */
                        flags = use_quote2 ? PTS_SIMPLE_EVID_FINAL_QUOTE_INFO2 :
                                                                 PTS_SIMPLE_EVID_FINAL_QUOTE_INFO;
-                       comp_hash_algorithm == PTS_MEAS_ALGO_SHA1;
+                       comp_hash_algorithm = PTS_MEAS_ALGO_SHA1;
 
                        attr = tcg_pts_attr_simple_evid_final_create(flags,
                                                                comp_hash_algorithm, pcr_composite, quote_sig);
index 194bb8b..5fa7612 100644 (file)
@@ -318,18 +318,19 @@ bool imv_attestation_process(pa_tnc_attr_t *attr, linked_list_t *attr_list,
                                if (!pts->get_quote_info(pts, use_quote2, use_ver_info,
                                                comp_hash_algorithm, &pcr_composite, &quote_info))
                                {
-                                       DBG1(DBG_IMV, "unable to compute TPM Quote Info");
+                                       DBG1(DBG_IMV, "unable to construct TPM Quote Info");
                                        return FALSE;
                                }
 
                                if (!chunk_equals(pcr_comp, pcr_composite))
                                {
-                                       DBG1(DBG_IMV, "received and computed PCR Composite match");
+                                       DBG1(DBG_IMV, "received PCR Composite does not match "
+                                                                 "constructed one");
                                        free(pcr_composite.ptr);
                                        free(quote_info.ptr);
                                        return FALSE;
                                }
-                               DBG2(DBG_IMV, "received and computed PCR Composite do not match");
+                               DBG2(DBG_IMV, "received PCR Composite matches constructed one");
                                free(pcr_composite.ptr);
 
                                if (!pts->verify_quote_signature(pts, quote_info, tpm_quote_sig))
index 7df2ff0..c2d3d7d 100644 (file)
@@ -829,8 +829,7 @@ static void clear_pcrs(private_pts_t *this)
 }
 
 METHOD(pts_t, quote_tpm, bool,
-       private_pts_t *this, bool use_quote2, chunk_t *pcr_composite,
-       chunk_t *quote_signature)
+       private_pts_t *this, bool use_quote2, chunk_t *pcr_comp, chunk_t *quote_sig)
 {
        TSS_HCONTEXT hContext;
        TSS_HTPM hTPM;
@@ -842,7 +841,7 @@ METHOD(pts_t, quote_tpm, bool,
        TSS_HPCRS hPcrComposite;
        TSS_VALIDATION valData;
        TSS_RESULT result;
-       chunk_t pcr_comp, quote_sign;
+       chunk_t quote_info;
        BYTE* versionInfo;
        u_int32_t versionInfoSize, pcr, i = 0, f = 1;
        bool success = FALSE;
@@ -942,34 +941,28 @@ METHOD(pts_t, quote_tpm, bool,
        }
 
        /* Set output chunks */
-       pcr_comp = chunk_alloc(HASH_SIZE_SHA1);
+       *pcr_comp = chunk_alloc(HASH_SIZE_SHA1);
+
        if (use_quote2)
        {
                /* TPM_Composite_Hash is last 20 bytes of TPM_Quote_Info2 structure */
-               memcpy(pcr_comp.ptr, valData.rgbData + valData.ulDataLength - HASH_SIZE_SHA1,
+               memcpy(pcr_comp->ptr, valData.rgbData + valData.ulDataLength - HASH_SIZE_SHA1,
                           HASH_SIZE_SHA1);
        }
        else
        {
                /* TPM_Composite_Hash is 8-28th bytes of TPM_Quote_Info structure */
-               memcpy(pcr_comp.ptr, valData.rgbData + 8, HASH_SIZE_SHA1);
+               memcpy(pcr_comp->ptr, valData.rgbData + 8, HASH_SIZE_SHA1);
        }
-       
-       *pcr_composite = pcr_comp;
-       *pcr_composite = chunk_clone(*pcr_composite);
-       DBG3(DBG_PTS, "Hash of PCR Composite: %B",pcr_composite);
+       DBG3(DBG_PTS, "Hash of PCR Composite: %#B", pcr_comp);
 
-       chunk_t tmp = chunk_create(valData.rgbData, valData.ulDataLength);
-       DBG3(DBG_PTS, "TPM Quote Info: %B",&tmp);
+       quote_info = chunk_create(valData.rgbData, valData.ulDataLength);
+       DBG3(DBG_PTS, "TPM Quote Info: %B",&quote_info);
 
-       quote_sign = chunk_alloc(valData.ulValidationDataLength);
-       memcpy(quote_sign.ptr, valData.rgbValidationData,
-                                                         valData.ulValidationDataLength);
-       *quote_signature = quote_sign;
-       *quote_signature = chunk_clone(*quote_signature);
-       DBG3(DBG_PTS, "TPM Quote Signature: %B",quote_signature);
+       *quote_sig = chunk_clone(chunk_create(valData.rgbValidationData,
+                                                                                  valData.ulValidationDataLength));
+       DBG3(DBG_PTS, "TPM Quote Signature: %B",quote_sig);
 
-       chunk_clear(&quote_sign);
        success = TRUE;
 
        /* Cleanup */
@@ -1114,13 +1107,13 @@ METHOD(pts_t, does_pcr_value_match, bool,
  */
 
 METHOD(pts_t, get_quote_info, bool,
-       private_pts_t *this, bool use_quote2, bool ver_info_included,
-       pts_meas_algorithms_t composite_algo,
-       chunk_t *out_pcr_composite, chunk_t *out_quote_info)
+       private_pts_t *this, bool use_quote2, bool use_ver_info,
+       pts_meas_algorithms_t comp_hash_algo,
+       chunk_t *out_pcr_comp, chunk_t *out_quote_info)
 {
        u_int8_t size_of_select;
-       int pcr_composite_len, i;
-       chunk_t pcr_composite, hash_pcr_composite;
+       int pcr_comp_len, i;
+       chunk_t pcr_comp, hash_pcr_comp;
        bio_writer_t *writer;
        hasher_t *hasher;
 
@@ -1136,7 +1129,7 @@ METHOD(pts_t, get_quote_info, bool,
                                          "unable to construct TPM Quote Info");
                return FALSE;
        }
-       if (use_quote2 && ver_info_included && !this->tpm_version_info.ptr)
+       if (use_quote2 && use_ver_info && !this->tpm_version_info.ptr)
        {
                DBG1(DBG_PTS, "TPM Version Information unavailable, ",
                                          "unable to construct TPM Quote Info2");
@@ -1144,10 +1137,9 @@ METHOD(pts_t, get_quote_info, bool,
        }
        
        size_of_select = 1 + this->pcr_max / 8; 
-       pcr_composite_len = 2 + size_of_select +
-                                               4 + this->pcr_count * this->pcr_len;
+       pcr_comp_len = 2 + size_of_select + 4 + this->pcr_count * this->pcr_len;
        
-       writer = bio_writer_create(pcr_composite_len);
+       writer = bio_writer_create(pcr_comp_len);
 
        writer->write_uint16(writer, size_of_select);
        for (i = 0; i < size_of_select; i++)
@@ -1163,33 +1155,32 @@ METHOD(pts_t, get_quote_info, bool,
                        writer->write_data(writer, chunk_create(this->pcrs[i], this->pcr_len));
                }
        }
-       pcr_composite = chunk_clone(writer->get_buf(writer));
-       DBG3(DBG_PTS, "PCR Composite: %B", &pcr_composite);
+       pcr_comp = chunk_clone(writer->get_buf(writer));
+       DBG3(DBG_PTS, "constructed PCR Composite: %B", &pcr_comp);
 
        writer->destroy(writer);
 
        /* Output the TPM_PCR_COMPOSITE expected from IMC */
-       if (composite_algo)
+       if (comp_hash_algo)
        {
                hash_algorithm_t algo;
 
-               algo = pts_meas_algo_to_hash(composite_algo);
+               algo = pts_meas_algo_to_hash(comp_hash_algo);
                hasher = lib->crypto->create_hasher(lib->crypto, algo);
 
                /* Hash the PCR Composite Structure */
-               hasher->allocate_hash(hasher, pcr_composite, out_pcr_composite);
-               DBG3(DBG_PTS, "Hash of calculated PCR Composite: %B", out_pcr_composite);
+               hasher->allocate_hash(hasher, pcr_comp, out_pcr_comp);
+               DBG3(DBG_PTS, "constructed PCR Composite hash: %#B", out_pcr_comp);
                hasher->destroy(hasher);
        }
        else
        {
-               *out_pcr_composite = chunk_clone(pcr_composite);
-               DBG3(DBG_PTS, "calculated PCR Composite: %B", out_pcr_composite);
+               *out_pcr_comp = chunk_clone(pcr_comp);
        }
 
        /* SHA1 hash of PCR Composite to construct TPM_QUOTE_INFO */
        hasher = lib->crypto->create_hasher(lib->crypto, HASH_SHA1);
-       hasher->allocate_hash(hasher, pcr_composite, &hash_pcr_composite);
+       hasher->allocate_hash(hasher, pcr_comp, &hash_pcr_comp);
        hasher->destroy(hasher);
 
        writer->write_data(writer, hash_pcr_composite);
@@ -1239,9 +1230,9 @@ METHOD(pts_t, get_quote_info, bool,
                writer->write_uint8(writer, TPM_LOC_ZERO);
 
                /* PCR Composite Hash */
-               writer->write_data(writer, hash_pcr_composite);
+               writer->write_data(writer, hash_pcr_comp);
 
-               if (ver_info_included)
+               if (use_ver_info)
                {
                        /* TPM version Info */
                        writer->write_data(writer, this->tpm_version_info);
@@ -1256,20 +1247,19 @@ METHOD(pts_t, get_quote_info, bool,
                writer->write_data(writer, chunk_create("QUOT", 4));
 
                /* PCR Composite Hash */
-               writer->write_data(writer, hash_pcr_composite);
+               writer->write_data(writer, hash_pcr_comp);
 
                /* Secret assessment value 20 bytes (nonce) */
                writer->write_data(writer, this->secret);
        }
-       
-       chunk_clear(&pcr_composite);
-       chunk_clear(&hash_pcr_composite);
 
        /* TPM Quote Info */
        *out_quote_info = chunk_clone(writer->get_buf(writer));
-       DBG3(DBG_PTS, "Calculated TPM Quote Info: %B", out_quote_info);
+       DBG3(DBG_PTS, "constructed TPM Quote Info: %B", out_quote_info);
 
        writer->destroy(writer);
+       free(pcr_comp.ptr);
+       free(hash_pcr_comp.ptr);
        clear_pcrs(this);
 
        return TRUE;
index c6a5ffb..095fe07 100644 (file)
@@ -323,13 +323,13 @@ struct pts_t {
         * Expects owner and SRK secret to be WELL_KNOWN_SECRET and no password set for AIK
         *
         * @param use_quote2            Version of the Quote funtion to be used
-        * @param pcr_composite         Chunk to save pcr composite structure
-        * @param quote_signature       Chunk to save quote operation output
+        * @param pcr_comp                      Chunk to save PCR composite structure
+        * @param quote_sig                     Chunk to save quote operation output
         *                                                      without external data (anti-replay protection)
         * @return                                      FALSE in case of TSS error, TRUE otherwise
         */
-        bool (*quote_tpm)(pts_t *this, bool use_quote2, chunk_t *pcr_composite,
-                                          chunk_t *quote_signature);
+        bool (*quote_tpm)(pts_t *this, bool use_quote2, chunk_t *pcr_comp,
+                                                                                                        chunk_t *quote_sig);
 
         /**
         * Mark an extended PCR as selected
@@ -348,27 +348,28 @@ struct pts_t {
         * @return                                      TRUE if PCR number and register length is valid
         */
        bool (*add_pcr)(pts_t *this, u_int32_t pcr, chunk_t pcr_before,
-                                                                                                chunk_t pcr_after);
+                                                                                               chunk_t pcr_after);
 
         /**
         * Constructs and returns TPM Quote Info structure expected from IMC
         *
         * @param use_quote2            Version of the TPM_QUOTE_INFO to be constructed
-        * @param ver_info_included Version info is concatenated to TPM_QUOTE_INFO2
-        * @param pcr_composite         Output variable to store PCR Composite
+        * @param use_ver_info          Version info is concatenated to TPM_QUOTE_INFO2
+        * @param comp_hash_algo        Composite Hash Algorithm
+        * @param pcr_comp                      Output variable to store PCR Composite
         * @param quote_info            Output variable to store TPM Quote Info
         * @return                                      FALSE in case of any error, TRUE otherwise
         */
         bool (*get_quote_info)(pts_t *this, bool use_quote2, bool ver_info_included,
-                                                       pts_meas_algorithms_t composite_algo,
-                                                       chunk_t *pcr_composite, chunk_t *quote_info);
+                                                       pts_meas_algorithms_t comp_hash_algo,
+                                                       chunk_t *pcr_comp, chunk_t *quote_info);
 
         /**
         * Constructs and returns PCR Quote Digest structure expected from IMC
         *
         * @param data                          Calculated TPM Quote Digest
         * @param signature                     TPM Quote Signature received from IMC
-        * @return                      FALSE in case signature is not verified, TRUE otherwise
+        * @return                                      FALSE if signature is not verified
         */
         bool (*verify_quote_signature)(pts_t *this, chunk_t data, chunk_t signature);
 
index a621164..e610da3 100644 (file)
@@ -287,7 +287,7 @@ METHOD(tcg_pts_attr_simple_evid_final_t, get_evid_sig, bool,
 METHOD(tcg_pts_attr_simple_evid_final_t, set_evid_sig, void,
        private_tcg_pts_attr_simple_evid_final_t *this, chunk_t evid_sig)
 {
-       this->evid_sig = chunk_clone(evid_sig);
+       this->evid_sig = evid_sig;
        this->has_evid_sig = TRUE;
 }
 
@@ -320,8 +320,8 @@ pa_tnc_attr_t *tcg_pts_attr_simple_evid_final_create(u_int8_t flags,
                .type = TCG_PTS_SIMPLE_EVID_FINAL,
                .flags = flags,
                .comp_hash_algorithm = comp_hash_algorithm,
-               .pcr_comp = chunk_clone(pcr_comp),
-               .tpm_quote_sig = chunk_clone(tpm_quote_sig),
+               .pcr_comp = pcr_comp,
+               .tpm_quote_sig = tpm_quote_sig,
        );
 
        return &this->public.pa_tnc_attribute;