From e3520059cfae54e7974189fc6692ea5fc8cb8ba6 Mon Sep 17 00:00:00 2001
From: Stefan Berger <stefanb@linux.ibm.com>
Date: Sun, 14 Jul 2024 21:14:07 -0400
Subject: [PATCH] tpm2: Print error message when invalid hash algorithm id
 appears (Coverity)

In case a hash algorithm id has a value >= 64 print out and error. This
should never occur since any hash algorithm id should have been set through
unmarshalling or by TPM 2-internal code.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
---
 src/tpm2/NVMarshal.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/src/tpm2/NVMarshal.c b/src/tpm2/NVMarshal.c
index 74e26dbc..c4e4d6a5 100644
--- a/src/tpm2/NVMarshal.c
+++ b/src/tpm2/NVMarshal.c
@@ -863,7 +863,12 @@ pcrbanks_algs_active(const TPML_PCR_SELECTION *pcrAllocated)
     for(i = 0; i < pcrAllocated->count; i++) {
         for (j = 0; j < pcrAllocated->pcrSelections[i].sizeofSelect; j++) {
             if (pcrAllocated->pcrSelections[i].pcrSelect[j]) {
-                algs_active |= ((UINT64)1 << pcrAllocated->pcrSelections[i].hash);
+                if (pcrAllocated->pcrSelections[i].hash >= 64) {
+                    TPMLIB_LogTPM2Error("pcrbanks_algs_active: invalid hash alg id: %d\n",
+                                        pcrAllocated->pcrSelections[i].hash);
+                } else {
+                    algs_active |= ((UINT64)1 << pcrAllocated->pcrSelections[i].hash);
+                }
                 break;
             }
         }