diff options
Diffstat (limited to 'pkgs/os-specific/linux/systemd/0019-tpm2_context_init-fix-driver-name-checking.patch')
| -rw-r--r-- | pkgs/os-specific/linux/systemd/0019-tpm2_context_init-fix-driver-name-checking.patch | 41 |
1 files changed, 41 insertions, 0 deletions
diff --git a/pkgs/os-specific/linux/systemd/0019-tpm2_context_init-fix-driver-name-checking.patch b/pkgs/os-specific/linux/systemd/0019-tpm2_context_init-fix-driver-name-checking.patch new file mode 100644 index 00000000000..8d6eab5ed84 --- /dev/null +++ b/pkgs/os-specific/linux/systemd/0019-tpm2_context_init-fix-driver-name-checking.patch @@ -0,0 +1,41 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Nick Cao <nickcao@nichi.co> +Date: Sun, 15 Jan 2023 20:15:55 +0800 +Subject: [PATCH] tpm2_context_init: fix driver name checking + +https://github.com/systemd/systemd/commit/542dbc623e introduced +additional checks for tpm2 driver names, namely ensuring the driver +name, when concated with "libtss2-tcti-" and ".so.0", generates a valid +filename (with no '/' inside). + +For example, if the driver is name "device", the line + fn = strjoina("libtss2-tcti-", driver, ".so.0") +would yield "libtss2-tcti-device.so.0", passing the check. And the +filename is then passed to dlopen for loading the driver. + +Our current approach for systemd to correctly locate these dynamically +loaded libraries is to patch the filenames to include their absolute +path. Thus the line mentioned above is patched into + fn = strjoina("/nix/store/xxxxxxx-tpm2-tss-3.2.0/lib/libtss2-tcti-", driver, ".so.0") +yielding "/nix/store/xxxxxxx-tpm2-tss-3.2.0/lib/libtss2-tcti-device.so.0", +tripping the check. + +This patch relaxes the check to also accept absolute paths, by replacing +filename_is_valid with path_is_valid. +--- + src/shared/tpm2-util.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/shared/tpm2-util.c b/src/shared/tpm2-util.c +index 4345b95106..424a334df1 100644 +--- a/src/shared/tpm2-util.c ++++ b/src/shared/tpm2-util.c +@@ -176,7 +176,7 @@ int tpm2_context_new(const char *device, Tpm2Context **ret_context) { + fn = strjoina("libtss2-tcti-", driver, ".so.0"); + + /* Better safe than sorry, let's refuse strings that cannot possibly be valid driver early, before going to disk. */ +- if (!filename_is_valid(fn)) ++ if (!path_is_valid(fn)) + return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "TPM2 driver name '%s' not valid, refusing.", driver); + + context->tcti_dl = dlopen(fn, RTLD_NOW); |