The second check on pcr_map in sandbox_tpm2_xfer() is wrong. It should
check for pcr_map not being empty. Instead, it is a pure copy/paste of
the first check which is redundant.
This has been found thanks to a Coverity Scan report:
CID 183370: Memory - illegal accesses (UNINIT)
Using uninitialized value "pcr_index".
put_unaligned_be32(tpm->pcr_extensions[pcr_index], recv);
This is because pcr_index is initialized only if the user input is
correct, ie. at least one valid bit is set in pcr_map.
Fix the second check and also initialize pcr_index to 0 (which is
harmless in case of error) to make Coverity Scan happy.
Reported-by: Tom Rini <tr...@konsulko.com>
Signed-off-by: Miquel Raynal <miquel.ray...@bootlin.com>
---
drivers/tpm/tpm2_tis_sandbox.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/drivers/tpm/tpm2_tis_sandbox.c b/drivers/tpm/tpm2_tis_sandbox.c
index 66f6c9ba82..b15ec732ad 100644
--- a/drivers/tpm/tpm2_tis_sandbox.c
+++ b/drivers/tpm/tpm2_tis_sandbox.c
@@ -272,7 +272,7 @@ static int sandbox_tpm2_xfer(struct udevice *dev, const u8
*sendbuf,
u32 capability, property, property_count;
/* TPM2_PCR_Read/Extend variables */
- int pcr_index;
+ int pcr_index = 0;
u64 pcr_map = 0;
u32 selections, pcr_nb;
u16 alg;
@@ -483,8 +483,8 @@ static int sandbox_tpm2_xfer(struct udevice *dev, const u8
*sendbuf,
return sandbox_tpm2_fill_buf(&recv, recv_len, tag, rc);
}
- if (pcr_map >> SANDBOX_TPM_PCR_NB) {
- printf("Wrong PCR map.\n");
+ if (!pcr_map) {
+ printf("Empty PCR map.\n");
rc = TPM2_RC_VALUE;
return sandbox_tpm2_fill_buf(&recv, recv_len, tag, rc);
}
--
2.14.1
_______________________________________________
U-Boot mailing list
U-Boot@lists.denx.de
https://lists.denx.de/listinfo/u-boot
