Skip to content

Commit

Permalink
Merge pull request #78 from dgarske/coverity
Browse files Browse the repository at this point in the history 
Fixes for coverity checks on buffers.
  • Loading branch information
@embhorn
embhorn authored Aug 15, 2019
2 parents b26a955 + 0b8e2ba commit ebca4ce
Showing 1 changed file with 7 additions and 1 deletion.
8 changes: 7 additions & 1 deletion src/tpm2_wrap.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1005,7 +1005,7 @@ int wolfTPM2_LoadEccPrivateKey(WOLFTPM2_DEV* dev, const WOLFTPM2_KEY* parentKey,
return BUFFER_E;
if (eccPubYSz > sizeof(pub.publicArea.unique.ecc.y.buffer))
return BUFFER_E;
if (eccPrivSz > sizeof(sens.sensitiveArea.sensitive.rsa.buffer))
if (eccPrivSz > sizeof(sens.sensitiveArea.sensitive.ecc.buffer))
return BUFFER_E;

/* Set up public key */
Expand Down Expand Up @@ -1469,10 +1469,16 @@ int wolfTPM2_VerifyHash_ex(WOLFTPM2_DEV* dev, WOLFTPM2_KEY* key,
if (curveSize <= 0 || sigSz < (curveSize * 2)) {
return BAD_FUNC_ARG;
}
/* verify curvesize cannot exceed buffer */
if (curveSize > (int)sizeof(verifySigIn.signature.signature.ecdsa.signatureR.buffer))
return BAD_FUNC_ARG;

/* hash cannot be larger than key size for TPM */
if (digestSz > curveSize)
digestSz = curveSize;
/* verify input cannot exceed buffer */
if (digestSz > (int)sizeof(verifySigIn.digest.buffer))
digestSz = (int)sizeof(verifySigIn.digest.buffer);

/* set session auth for key */
dev->session[0].auth = key->handle.auth;
Expand Down

0 comments on commit ebca4ce

Please sign in to comment.