From f13cf1774615218683049dd800075fd35f722f51 Mon Sep 17 00:00:00 2001
From: Juergen Repp
Date: Tue, 5 Dec 2023 20:39:58 +0100
Subject: [PATCH] FAPI: Fix authorization session handling.
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

If no policy is used the sessíon2 in FAPI context must be initialized with ESYS_TR_NONE in the authorization function. The macro ENC_SESSION_IF_POLIY did produce an invalid ESYS handle if session2 was not initialized.

Signed-off-by: Juergen Repp
---
 src/tss2-fapi/fapi_int.h | 2 +-
 src/tss2-fapi/fapi_util.c | 1 +
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/tss2-fapi/fapi_int.h b/src/tss2-fapi/fapi_int.h
index a9a542420..b172bb31c 100644
--- a/src/tss2-fapi/fapi_int.h
+++ b/src/tss2-fapi/fapi_int.h
@@ -129,7 +129,7 @@ typedef struct {
 #define ENC_SESSION_IF_POLICY(auth_session) \
 (auth_session == ESYS_TR_PASSWORD || auth_session == ESYS_TR_NONE || \
- auth_session == context->session2) ? ESYS_TR_NONE : context->session2
+ !context->session2) ? ESYS_TR_NONE : context->session2
 /** The states for the FAPI's object authorization state*/
 enum IFAPI_GET_CERT_STATE {
diff --git a/src/tss2-fapi/fapi_util.c b/src/tss2-fapi/fapi_util.c
index 27362f85d..f67d398c3 100644
--- a/src/tss2-fapi/fapi_util.c
+++ b/src/tss2-fapi/fapi_util.c
@@ -2177,6 +2177,7 @@ ifapi_authorize_object(FAPI_CONTEXT *context, IFAPI_OBJECT *object, ESYS_TR *ses
 else
 /* Use password session if session1 had not been created */
 *session = ESYS_TR_PASSWORD;
+ context->session2 = ESYS_TR_NONE;
 break;
 }
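Review bot: The rewritten last line of ENC_SESSION_IF_POLICY drops the `auth_session == context->session2` test, so when the authorization session is the same handle as session2 the macro now yields that handle for the second slot as well. Whether a caller can pass session2 as `auth_session` is not visible here; if it can, keep both tests, `auth_session == context->session2 || !context->session2) ? ESYS_TR_NONE : context->session2`. The `!context->session2` test treats zero as "never set" while the rest of the commit uses ESYS_TR_NONE for that state, which deserves a comment above the macro such as `/* session2 == 0 means the context never created it; fall back to ESYS_TR_NONE */`. The expansion is also not wrapped in parentheses, so it is only safe where it is used as a complete argument.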
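Review bot: The added `context->session2 = ESYS_TR_NONE;` in ifapi_authorize_object overwrites the handle unconditionally on the no-policy path, so if session2 can already hold a live session at this point, that handle is lost without being flushed and the TPM session slot stays occupied. The function starts and ends outside the hunk, so whether session2 is ever live here cannot be seen. If it cannot be, state the invariant next to the assignment, e.g. `/* No policy: session2 is not created on this path; mark it unused for ENC_SESSION_IF_POLICY. */`; if it can, flush or guard before resetting. The statement also follows an unbraced if/else, so bracing both branches would make it plain that the reset is not part of the else.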