Disclaimer: I could not complie-test or runtime-test these patches right now. This is a pure code-only review of the patches.
Looks good. Am Mittwoch, den 09.04.2014, 15:41 -0300 schrieb [email protected]: > From: Richard Maciel <[email protected]> > > Related coverity CID 10289 > > tcs_wrap_NV_ReadValueAuth can call TCSP_NV_ReadValueAuth_Internal > with a null auth. However, the latter was dereferencing the pointer > var containing the auth data without checking it, which possibly could > cause a dereference null error. > > Signed-off-by: Richard Maciel <[email protected]> > --- > src/tcs/tcsi_nv.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/src/tcs/tcsi_nv.c b/src/tcs/tcsi_nv.c > index f19ab94..1c867ea 100644 > --- a/src/tcs/tcsi_nv.c > +++ b/src/tcs/tcsi_nv.c > @@ -202,7 +202,7 @@ TCSP_NV_ReadValueAuth_Internal(TCS_CONTEXT_HANDLE > hContext, /* in */ > LogDebugFn("Enter"); > if ((result = ctx_verify_context(hContext))) > return result; > - if ((result = auth_mgr_check(hContext, &NVAuth->AuthHandle))) > + if ((NVAuth != NULL) && (result = auth_mgr_check(hContext, > &NVAuth->AuthHandle))) > goto done; > > if ((result = tpm_rqu_build(TPM_ORD_NV_ReadValueAuth, &off_set, txBlob, > hNVStore, offset, ------------------------------------------------------------------------------ Put Bad Developers to Shame Dominate Development with Jenkins Continuous Integration Continuously Automate Build, Test & Deployment Start a new project now. Try Jenkins in the cloud. http://p.sf.net/sfu/13600_Cloudbees _______________________________________________ TrouSerS-tech mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/trousers-tech
