tpm: Check outgoing command size

In tpm_sendrecv_command() the command buffer is passed in. If a mistake is somehow made in setting this up, the size could be out of range. Add a sanity check for this. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Coverity (CID: 331152)
author: Simon Glass <sjg@chromium.org> 2021-05-13 19:39:29 -0600
committer: Tom Rini <trini@konsulko.com> 2021-07-15 18:42:05 -0400
commit: fdfae3727ce2d862c5b7d98106c987202d190712 (patch)
tree: 79cb881bd750eeccae6f9458c7c61734bfe0a8ae /lib
parent: 4d159b6f84abeaacb346cfd14a3b0c6fb86f43f9 (diff)
download: u-boot-fdfae3727ce2d862c5b7d98106c987202d190712.zip
u-boot-fdfae3727ce2d862c5b7d98106c987202d190712.tar.gz
u-boot-fdfae3727ce2d862c5b7d98106c987202d190712.tar.bz2
1 files changed, 5 insertions, 0 deletions
diff --git a/lib/tpm-common.c b/lib/tpm-common.c
index 4277846..82ffdc5 100644
--- a/lib/tpm-common.c
+++ b/lib/tpm-common.c
@@ -176,6 +176,11 @@ u32 tpm_sendrecv_command(struct udevice *dev, const void *command,
 	}
 
 	size = tpm_command_size(command);
+
+	/* sanity check, which also helps coverity */
+	if (size > COMMAND_BUFFER_SIZE)
+		return log_msg_ret("size", -E2BIG);
+
 	log_debug("TPM request [size:%d]: ", size);
 	for (i = 0; i < size; i++)
 		log_debug("%02x ", ((u8 *)command)[i]);
author	Simon Glass <sjg@chromium.org>	2021-05-13 19:39:29 -0600
committer	Tom Rini <trini@konsulko.com>	2021-07-15 18:42:05 -0400
commit	fdfae3727ce2d862c5b7d98106c987202d190712 (patch)
tree	79cb881bd750eeccae6f9458c7c61734bfe0a8ae /lib
parent	4d159b6f84abeaacb346cfd14a3b0c6fb86f43f9 (diff)
download	u-boot-fdfae3727ce2d862c5b7d98106c987202d190712.zip u-boot-fdfae3727ce2d862c5b7d98106c987202d190712.tar.gz u-boot-fdfae3727ce2d862c5b7d98106c987202d190712.tar.bz2