FAPI: Fix authorization session handling.
If no policy is used the session2 in FAPI context must be initialized
with ESYS_TR_NONE in the authorization function.
The macro ENC_SESSION_IF_POLICY did produce an invalid ESYS handle if
session2 was not initialized.

Signed-off-by: Juergen Repp <[email protected]>
JuergenReppSIT committed Dec 5, 2023
1 parent 182b027 commit cdf9217
Showing 2 changed files with 2 additions and 1 deletion.
2 changes: 1 addition & 1 deletion src/tss2-fapi/fapi_int.h
Expand Up @@ -129,7 +129,7 @@ typedef struct {

#define ENC_SESSION_IF_POLICY(auth_session) \
(auth_session == ESYS_TR_PASSWORD || auth_session == ESYS_TR_NONE || \
auth_session == context->session2) ? ESYS_TR_NONE : context->session2
!context->session2) ? ESYS_TR_NONE : context->session2

/** The states for the FAPI's object authorization state*/
enum IFAPI_GET_CERT_STATE {
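
Review bot: On the changed condition line, `!context->session2` only catches a zero handle, while the commit message and the fapi_util.c change use ESYS_TR_NONE as the "no session" value. If zero is meant to cover a context field that was never assigned, say so in a comment above the macro, or also compare against ESYS_TR_NONE explicitly so the intent is visible. The same line no longer carries the `auth_session == context->session2` comparison, so a caller that passes session2 as the authorization session now gets session2 back as the encryption session; please confirm no call site does that. Separately, the expansion is an unparenthesised ternary that reads `context` from the caller's scope; wrapping the whole expression and `auth_session` in parentheses would keep it safe inside larger expressions.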
1 change: 1 addition & 0 deletions src/tss2-fapi/fapi_util.c
Expand Up @@ -2177,6 +2177,7 @@ ifapi_authorize_object(FAPI_CONTEXT *context, IFAPI_OBJECT *object, ESYS_TR *ses
else
/* Use password session if session1 had not been created */
*session = ESYS_TR_PASSWORD;
context->session2 = ESYS_TR_NONE;
break;
}
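
Review bot: The `else` above the added `context->session2 = ESYS_TR_NONE;` has no braces, so only `*session = ESYS_TR_PASSWORD;` belongs to it and the new assignment runs on both paths before `break;`. If that is intended, as the commit message suggests for the no-policy case, put braces around the branch bodies or separate the new line with a short comment (for example "no policy: no encryption session") so the scope is obvious; if it was meant only for the password path, it needs braces to get there. A comment should also state why overwriting session2 at this point cannot discard a handle that is still open.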
