Proxmox-Port/libtpms
1
0
Fork 0
mirror of https://github.com/stefanberger/libtpms synced 2026-01-02 14:36:50 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

tpm2: Prevent a potential buffer overrun (Coverity)

Browse Source 
Prevent a potential buffer overrun by checking that EVP_DecryptUpdate()
has not overrun the buffer it was passed in, so this overrun should
never occurr unless EVP_DecryptUpdate() was wrong. Also the pAssert above
it should have taken care of it already.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
This commit is contained in:
Stefan Berger 2021-02-21 08:24:35 -05:00 committed by Stefan Berger
parent 00860abce3
commit 5710d697bf
1 changed files with 2 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
src/tpm2/crypto/openssl/CryptSym.c
View File

@ -703,7 +703,8 @@ CryptSymmetricDecrypt(
pAssert((int)buffersize >= outlen1);
if (EVP_DecryptFinal(ctx, &buffer[outlen1], &outlen2) != 1)
if ((int)buffersize <= outlen1 /* coverity */ ||
EVP_DecryptFinal(ctx, &buffer[outlen1], &outlen2) != 1)
ERROR_RETURN(TPM_RC_FAILURE);
pAssert((int)buffersize >= outlen1 + outlen2);