From: Richard Maciel <[email protected]> Related coverity CID 10289
tcs_wrap_NV_ReadValueAuth can call TCSP_NV_ReadValueAuth_Internal with a null auth. However, the latter was dereferencing the pointer var containing the auth data without checking it, which possibly could cause a dereference null error. Signed-off-by: Richard Maciel <[email protected]> --- src/tcs/tcsi_nv.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/tcs/tcsi_nv.c b/src/tcs/tcsi_nv.c index f19ab94..1c867ea 100644 --- a/src/tcs/tcsi_nv.c +++ b/src/tcs/tcsi_nv.c @@ -202,7 +202,7 @@ TCSP_NV_ReadValueAuth_Internal(TCS_CONTEXT_HANDLE hContext, /* in */ LogDebugFn("Enter"); if ((result = ctx_verify_context(hContext))) return result; - if ((result = auth_mgr_check(hContext, &NVAuth->AuthHandle))) + if ((NVAuth != NULL) && (result = auth_mgr_check(hContext, &NVAuth->AuthHandle))) goto done; if ((result = tpm_rqu_build(TPM_ORD_NV_ReadValueAuth, &off_set, txBlob, hNVStore, offset, -- 1.8.5.3 ------------------------------------------------------------------------------ Put Bad Developers to Shame Dominate Development with Jenkins Continuous Integration Continuously Automate Build, Test & Deployment Start a new project now. Try Jenkins in the cloud. http://p.sf.net/sfu/13600_Cloudbees _______________________________________________ TrouSerS-tech mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/trousers-tech
