64-bit TA: fix tests 8009 and 8062
These tests (8009: GP a7-2b-1f, 8062: GP a7-c0-a0) incorrectly use
sizeof(ptr) when the length of the string pointed to by ptr is meant.
Since the size of the string ('TEE\0') is 4, this would happen to work
in 32-bit mode, but fails when TAs are built as 64-bit binaries.
This commit also fixes a buffer overflow on the host side, caused by
the same mistake.
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Pascal Brand <pascal.brand@linaro.org>
diff --git a/Makefile b/Makefile
index f4d8622..e2fba02 100644
--- a/Makefile
+++ b/Makefile
@@ -185,6 +185,8 @@
$(call patch-file,${CFG_GP_PACKAGE_PATH}/TTAs/TEE_include/tee_internal_api.h,${CFG_GP_XSL_PACKAGE_PATH}/TTAs/TEE_include/code_patches/v1_1_0_4-2014_11_07/tee_internal_api.h.patch)
$(call patch-file,${CFG_GP_PACKAGE_PATH}/TTAs/TTA_TCF/TTA_TCF_ICA/code_files/TTA_TCF_ICA_protocol.h,${CFG_GP_XSL_PACKAGE_PATH}/TTAs/TTA_TCF/TTA_TCF_ICA/code_patches/v1_1_0_4-2014_11_07/TTA_TCF_ICA_protocol.h.patch)
$(call patch-file,${CFG_GP_PACKAGE_PATH}/TTAs/TTA_TCF/TTA_TCF_MultipleInstanceTA/code_files/TTA_TCF_MultipleInstanceTA_protocol.h,${CFG_GP_XSL_PACKAGE_PATH}/TTAs/TTA_TCF/TTA_TCF_MultipleInstanceTA/code_patches/v1_1_0_4-2014_11_07/TTA_TCF_MultipleInstanceTA_protocol.h.patch)
+ $(call patch-file,${CFG_GP_PACKAGE_PATH}/TTAs/TTA_TCF/TTA_TCF_MultipleInstanceTA/code_files/TTA_TCF_MultipleInstanceTA.c,${CFG_GP_XSL_PACKAGE_PATH}/TTAs/TTA_TCF/TTA_TCF_MultipleInstanceTA/code_patches/v1_1_0_4-2014_11_07/TTA_TCF_MultipleInstanceTA.c.patch)
+ $(call patch-file,${CFG_GP_PACKAGE_PATH}/TTAs/TTA_TCF/TTA_TCF_SingleInstanceTA/code_files/TTA_TCF_SingleInstanceTA.c,${CFG_GP_XSL_PACKAGE_PATH}/TTAs/TTA_TCF/TTA_TCF_SingleInstanceTA/code_patches/v1_1_0_4-2014_11_07/TTA_TCF_SingleInstanceTA.c.patch)
$(call patch-file,${CFG_GP_PACKAGE_PATH}/TTAs/TTA_TCF/TTA_TCF/code_files/TTA_TCF.h,${CFG_GP_XSL_PACKAGE_PATH}/TTAs/TTA_TCF/TTA_TCF/code_patches/v1_1_0_4-2014_11_07/TTA_TCF.h.patch)
$(call patch-file,${CFG_GP_PACKAGE_PATH}/TTAs/TTA_TCF/TTA_TCF_SingleInstanceTA/code_files/TTA_TCF_SingleInstanceTA_protocol.h,${CFG_GP_XSL_PACKAGE_PATH}/TTAs/TTA_TCF/TTA_TCF_SingleInstanceTA/code_patches/v1_1_0_4-2014_11_07/TTA_TCF_SingleInstanceTA_protocol.h.patch)
$(call patch-file,${CFG_GP_PACKAGE_PATH}/TTAs/TTA_Time/TTA_Time/code_files/TTA_Time_protocol.h,${CFG_GP_XSL_PACKAGE_PATH}/TTAs/TTA_Time/code_patches/v1_1_0_4-2014_11_07/TTA_Time_protocol.h.patch)
diff --git a/host/xtest/xml/include/xml_internal_api.h b/host/xtest/xml/include/xml_internal_api.h
index af2260c..998dcc5 100644
--- a/host/xtest/xml/include/xml_internal_api.h
+++ b/host/xtest/xml/include/xml_internal_api.h
@@ -452,8 +452,8 @@
uint32_t org;
ALLOCATE_AND_FILL_SHARED_MEMORY(CONTEXT01, SHARE_MEM01, BIG_SIZE,
- TEEC_MEMREF_PARTIAL_INPUT, sizeof(data),
- data)
+ TEEC_MEMREF_PARTIAL_INPUT,
+ strlen(data) + 1, data)
SET_SHARED_MEMORY_OPERATION_PARAMETER(0, 0, SHARE_MEM01,
SHARE_MEM01->size)
diff --git a/package/testsuite/global_platform/api_1.0/GP_XSL_TEE_Initial_Configuration-Test_Suite_v1_0_0-2014-12-03-STM/TTAs/TTA_TCF/TTA_TCF_MultipleInstanceTA/code_patches/v1_1_0_4-2014_11_07/TTA_TCF_MultipleInstanceTA.c.patch b/package/testsuite/global_platform/api_1.0/GP_XSL_TEE_Initial_Configuration-Test_Suite_v1_0_0-2014-12-03-STM/TTAs/TTA_TCF/TTA_TCF_MultipleInstanceTA/code_patches/v1_1_0_4-2014_11_07/TTA_TCF_MultipleInstanceTA.c.patch
new file mode 100644
index 0000000..ab05f09
--- /dev/null
+++ b/package/testsuite/global_platform/api_1.0/GP_XSL_TEE_Initial_Configuration-Test_Suite_v1_0_0-2014-12-03-STM/TTAs/TTA_TCF/TTA_TCF_MultipleInstanceTA/code_patches/v1_1_0_4-2014_11_07/TTA_TCF_MultipleInstanceTA.c.patch
@@ -0,0 +1,19 @@
+--- TEE_Initial_Configuration-Test_Suite_v1_1_0_4-2014_11_07/TTAs/TTA_TCF/TTA_TCF_MultipleInstanceTA/code_files/TTA_TCF_MultipleInstanceTA.c 2012-05-14 16:40:28.000000000 +0200
++++ TEE_Initial_Configuration-Test_Suite_v1_1_0_4-2014_11_07-patched/TTAs/TTA_TCF/TTA_TCF_MultipleInstanceTA/code_files/TTA_TCF_MultipleInstanceTA.c 2015-12-04 15:31:18.255886195 +0100
+@@ -14,6 +14,7 @@
+ * ---------------------------------------------------------------------------- */
+ #include "tee_internal_api.h"
+ #include "TTA_TCF_MultipleInstanceTA_protocol.h"
++#include <string.h>
+
+
+ /* ----------------------------------------------------------------------------
+@@ -128,7 +129,7 @@
+ pDataBuffer = (char*) TEE_GetInstanceData(); // retrieve the pointer
+ if(pDataBuffer == NULL)
+ return TEE_ERROR_GENERIC; // if the pointer is NULL, it is because the function SetInstanceData has not been called
+- nStringSize = sizeof(pDataBuffer); // retrieve the length of the string stored
++ nStringSize = strlen(pDataBuffer) + 1; // retrieve the length of the string stored
+
+ if(pParams[0].memref.size < nStringSize)
+ {
diff --git a/package/testsuite/global_platform/api_1.0/GP_XSL_TEE_Initial_Configuration-Test_Suite_v1_0_0-2014-12-03-STM/TTAs/TTA_TCF/TTA_TCF_SingleInstanceTA/code_patches/v1_1_0_4-2014_11_07/TTA_TCF_SingleInstanceTA.c.patch b/package/testsuite/global_platform/api_1.0/GP_XSL_TEE_Initial_Configuration-Test_Suite_v1_0_0-2014-12-03-STM/TTAs/TTA_TCF/TTA_TCF_SingleInstanceTA/code_patches/v1_1_0_4-2014_11_07/TTA_TCF_SingleInstanceTA.c.patch
new file mode 100644
index 0000000..4d43443
--- /dev/null
+++ b/package/testsuite/global_platform/api_1.0/GP_XSL_TEE_Initial_Configuration-Test_Suite_v1_0_0-2014-12-03-STM/TTAs/TTA_TCF/TTA_TCF_SingleInstanceTA/code_patches/v1_1_0_4-2014_11_07/TTA_TCF_SingleInstanceTA.c.patch
@@ -0,0 +1,19 @@
+--- TEE_Initial_Configuration-Test_Suite_v1_1_0_4-2014_11_07/TTAs/TTA_TCF/TTA_TCF_SingleInstanceTA/code_files/TTA_TCF_SingleInstanceTA.c 2012-09-25 09:25:43.000000000 +0200
++++ TEE_Initial_Configuration-Test_Suite_v1_1_0_4-2014_11_07-patched/TTAs/TTA_TCF/TTA_TCF_SingleInstanceTA/code_files/TTA_TCF_SingleInstanceTA.c 2015-12-04 15:34:35.426833358 +0100
+@@ -15,6 +15,7 @@
+ * ---------------------------------------------------------------------------- */
+ #include "tee_internal_api.h"
+ #include "TTA_TCF_SingleInstanceTA_protocol.h"
++#include <string.h>
+
+
+ /* ----------------------------------------------------------------------------
+@@ -129,7 +130,7 @@
+ pDataBuffer = (char*) TEE_GetInstanceData(); // retrieve the pointer
+ if(pDataBuffer == NULL)
+ return TEE_ERROR_GENERIC; // if the pointer is NULL, it is because the function SetInstanceData has not been called
+- nStringSize = sizeof(pDataBuffer); // retrieve the length of the string stored
++ nStringSize = strlen(pDataBuffer) + 1; // retrieve the length of the string stored
+
+ if(pParams[0].memref.size < nStringSize)
+ {