regression_4006: fix fuzzing shared memory content

Explicit uses the stack to refer to attribute TEE_ATTR_RSA_OAEP_MGF_HASH passed to the crypt TA in tests regression 4006.37 and 4006.38 as the current implementation makes to TA to see an uninitialized buffer reference. Link: OP-TEE/optee_os#6143 Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org> Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>
OP-TEE · Jun 28, 2023 · a286b57 · a286b57
1 parent 232dfd2
commit a286b57
Showing 1 changed file with 3 additions and 2 deletions.
diff --git a/host/xtest/regression_4000.c b/host/xtest/regression_4000.c
@@ -3832,6 +3832,7 @@ static void xtest_tee_test_4006(ADBG_Case_t *c)
 	uint32_t pub_key_type = 0;
 	uint32_t priv_key_type = 0;
 	uint32_t hash_algo = 0;
+	uint32_t sha1_algo_id = TEE_ALG_SHA1;
 
 	if (!ADBG_EXPECT_TEEC_SUCCESS(c,
 		xtest_teec_open_session(&session, &crypt_user_ta_uuid, NULL,
@@ -4132,9 +4133,9 @@ static void xtest_tee_test_4006(ADBG_Case_t *c)
 				algo_params[0].attributeID =
 					TEE_ATTR_RSA_OAEP_MGF_HASH;
 				algo_params[0].content.ref.length =
-					sizeof(uint32_t);
+					sizeof(sha1_algo_id);
 				algo_params[0].content.ref.buffer =
-					&(uint32_t){TEE_ALG_SHA1};
+					&sha1_algo_id;
 				num_algo_params = 1;
 			}