Skip to content

Limit the response buffer size to the negotiated size#577

Merged
stefanberger merged 2 commits into
masterfrom
stefanberger/limit_response_buffer_size
Apr 30, 2026
Merged

Limit the response buffer size to the negotiated size#577
stefanberger merged 2 commits into
masterfrom
stefanberger/limit_response_buffer_size

Conversation

@stefanberger
Copy link
Copy Markdown
Owner

@stefanberger stefanberger commented Apr 30, 2026
edited
Loading

This PR deals with buffer sizes

  • It limits the value set in the response buffer size variable to the size negotiated with the TPMLIB_SetBufferSize() call even if this means truncating the response (not expected to happen).
  • Add comments to how the maximum and minimum sizes of the buffer were chosen. Adjust the lower size even though it is assumed to be correct at this point.

@stefanberger
tpm2: Limit the response buffer size indicator to the negotiated size
763e211 
Limit the variable indicating to the caller how many bytes were returned
in a TPM response to the size returned from TPM2_GetBufferSize(). This
then reflects the buffer size that was negotiated with the
TPMLIB_SetBufferSize() call and for which the recipient of the buffer
should have enough space for.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
@stefanberger
tpm2: Adjust min. buffer size and add comment about min and max sizes
50faf22 
The minimum buffer size was set to MAX_CONTEXT_SIZE + 128, which is fine
if the assumption that the actual biggest command or response buffer is
created by TPM2_ContextLoad/Save commands holds. If the assumption was
not holding, then the choice of the minimum buffer size would truncate
response sizes. Adjust this size to the sizeof(TPMS_CONTEXT), which is
80 bytes bigger than MAX_CONTEXT_SIZE but still related to
TPM2_ContextLoad/Save commands. Still add a generous additional 128 bytes
to it.

Add a comment about the maximum size and the sizes used by TIS and CRB.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
@stefanberger stefanberger force-pushed the stefanberger/limit_response_buffer_size branch from 9fd2858 to 50faf22 Compare April 30, 2026 00:52
@stefanberger stefanberger merged commit 3145768 into master Apr 30, 2026
4 checks passed
@stefanberger stefanberger deleted the stefanberger/limit_response_buffer_size branch April 30, 2026 03:04
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@stefanberger