From 5710d697bf5d1850f3dc00117cdcdc3337a0fe5a Mon Sep 17 00:00:00 2001
From: Stefan Berger
Date: Sun, 21 Feb 2021 08:24:35 -0500
Subject: [PATCH] tpm2: Prevent a potential buffer overrun (Coverity)
Prevent a potential buffer overrun by checking that EVP_DecryptUpdate() has not overrun the buffer it was passed in, so this overrun should never occurr unless EVP_DecryptUpdate() was wrong. Also the pAssert above it should have taken care of it already.
Signed-off-by: Stefan Berger
---
 src/tpm2/crypto/openssl/CryptSym.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/tpm2/crypto/openssl/CryptSym.c b/src/tpm2/crypto/openssl/CryptSym.c
index a88f11fd..dc35100f 100644
--- a/src/tpm2/crypto/openssl/CryptSym.c
+++ b/src/tpm2/crypto/openssl/CryptSym.c
@@ -703,7 +703,8 @@ CryptSymmetricDecrypt(
 pAssert((int)buffersize >= outlen1);
- if (EVP_DecryptFinal(ctx, &buffer[outlen1], &outlen2) != 1)
+ if ((int)buffersize <= outlen1 /* coverity */ ||
+ EVP_DecryptFinal(ctx, &buffer[outlen1], &outlen2) != 1)
 ERROR_RETURN(TPM_RC_FAILURE);
 pAssert((int)buffersize >= outlen1 + outlen2);
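Review bot: The added `(int)buffersize <= outlen1` test guarantees only one byte of room at `&buffer[outlen1]`, whereas EVP_DecryptFinal() can emit up to one cipher block when padding is enabled, so the guard alone does not bound the write. The `pAssert` after the call would fire only once memory had already been written. The allocation of `buffer` and the padding setting are outside this hunk, so whether a final block can be produced here cannot be confirmed from these lines. If it can, compare the remaining room with the block size, e.g. `(int)buffersize - outlen1 < EVP_CIPHER_CTX_block_size(ctx)`. Either way, replace `/* coverity */` with a comment saying why equality is rejected although the preceding pAssert accepts it, such as `/* never hand EVP_DecryptFinal() a pointer at or past the end of buffer */`.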