From: Richard Maciel <[email protected]> Related to coverit CID 10255.
Return value of memcmp was being converted to TSS_BOOL type before being tested, thus possibly missing information (since it can return an integer value != of zero, depending on the differences found). Signed-off-by: Richard Maciel <[email protected]> --- src/tspi/tsp_auth.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/tspi/tsp_auth.c b/src/tspi/tsp_auth.c index 4a57ae7..5ee6f5d 100755 --- a/src/tspi/tsp_auth.c +++ b/src/tspi/tsp_auth.c @@ -359,7 +359,7 @@ validateReturnAuth(BYTE *secret, BYTE *hash, TPM_AUTH *auth) memcpy(digest, &auth->HMAC, 20); HMAC_Auth(secret, hash, auth); - return ((TSS_BOOL) memcmp(digest, &auth->HMAC, 20) != 0); + return ((TSS_BOOL) (memcmp(digest, &auth->HMAC, 20) != 0)); } void -- 1.8.5.3 ------------------------------------------------------------------------------ Put Bad Developers to Shame Dominate Development with Jenkins Continuous Integration Continuously Automate Build, Test & Deployment Start a new project now. Try Jenkins in the cloud. http://p.sf.net/sfu/13600_Cloudbees _______________________________________________ TrouSerS-tech mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/trousers-tech
