From: Miquel Raynal <miquel.raynal@bootlin.com>
Date: Sun, 5 Aug 2018 16:53:06 +0000 (+0200)
Subject: tpm: sandbox: fix wrong check on pcr_map
X-Git-Tag: v2025.01-rc5-pxa1908~3744
X-Git-Url: http://git.dujemihanovic.xyz/img/html/%7B%7B%20%28.OutputFormats.Get?a=commitdiff_plain;h=fd973ca6969e556bfeb74e69c5a6867785c9ea5c;p=u-boot.git

tpm: sandbox: fix wrong check on pcr_map

The second check on pcr_map in sandbox_tpm2_xfer() is wrong. It should
check for pcr_map not being empty. Instead, it is a pure copy/paste of
the first check which is redundant.

This has been found thanks to a Coverity Scan report:

    CID 183370:  Memory - illegal accesses  (UNINIT)
    Using uninitialized value "pcr_index".
        put_unaligned_be32(tpm->pcr_extensions[pcr_index], recv);

This is because pcr_index is initialized only if the user input is
correct, ie. at least one valid bit is set in pcr_map.

Fix the second check and also initialize pcr_index to 0 (which is
harmless in case of error) to make Coverity Scan happy.

Reported-by: Tom Rini <trini@konsulko.com>
Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
---

diff --git a/drivers/tpm/tpm2_tis_sandbox.c b/drivers/tpm/tpm2_tis_sandbox.c
index 66f6c9ba82..b15ec732ad 100644
--- a/drivers/tpm/tpm2_tis_sandbox.c
+++ b/drivers/tpm/tpm2_tis_sandbox.c
@@ -272,7 +272,7 @@ static int sandbox_tpm2_xfer(struct udevice *dev, const u8 *sendbuf,
 	u32 capability, property, property_count;
 
 	/* TPM2_PCR_Read/Extend variables */
-	int pcr_index;
+	int pcr_index = 0;
 	u64 pcr_map = 0;
 	u32 selections, pcr_nb;
 	u16 alg;
@@ -483,8 +483,8 @@ static int sandbox_tpm2_xfer(struct udevice *dev, const u8 *sendbuf,
 			return sandbox_tpm2_fill_buf(&recv, recv_len, tag, rc);
 		}
 
-		if (pcr_map >> SANDBOX_TPM_PCR_NB) {
-			printf("Wrong PCR map.\n");
+		if (!pcr_map) {
+			printf("Empty PCR map.\n");
 			rc = TPM2_RC_VALUE;
 			return sandbox_tpm2_fill_buf(&recv, recv_len, tag, rc);
 		}