From fd973ca6969e556bfeb74e69c5a6867785c9ea5c Mon Sep 17 00:00:00 2001 From: Miquel Raynal Date: Sun, 5 Aug 2018 18:53:06 +0200 Subject: tpm: sandbox: fix wrong check on pcr_map The second check on pcr_map in sandbox_tpm2_xfer() is wrong. It should check for pcr_map not being empty. Instead, it is a pure copy/paste of the first check which is redundant. This has been found thanks to a Coverity Scan report: CID 183370: Memory - illegal accesses (UNINIT) Using uninitialized value "pcr_index". put_unaligned_be32(tpm->pcr_extensions[pcr_index], recv); This is because pcr_index is initialized only if the user input is correct, ie. at least one valid bit is set in pcr_map. Fix the second check and also initialize pcr_index to 0 (which is harmless in case of error) to make Coverity Scan happy. Reported-by: Tom Rini Signed-off-by: Miquel Raynal Reviewed-by: Simon Glass --- drivers/tpm/tpm2_tis_sandbox.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/drivers/tpm/tpm2_tis_sandbox.c b/drivers/tpm/tpm2_tis_sandbox.c index 66f6c9ba82..b15ec732ad 100644 --- a/drivers/tpm/tpm2_tis_sandbox.c +++ b/drivers/tpm/tpm2_tis_sandbox.c @@ -272,7 +272,7 @@ static int sandbox_tpm2_xfer(struct udevice *dev, const u8 *sendbuf, u32 capability, property, property_count; /* TPM2_PCR_Read/Extend variables */ - int pcr_index; + int pcr_index = 0; u64 pcr_map = 0; u32 selections, pcr_nb; u16 alg; @@ -483,8 +483,8 @@ static int sandbox_tpm2_xfer(struct udevice *dev, const u8 *sendbuf, return sandbox_tpm2_fill_buf(&recv, recv_len, tag, rc); } - if (pcr_map >> SANDBOX_TPM_PCR_NB) { - printf("Wrong PCR map.\n"); + if (!pcr_map) { + printf("Empty PCR map.\n"); rc = TPM2_RC_VALUE; return sandbox_tpm2_fill_buf(&recv, recv_len, tag, rc); } -- cgit v1.2.3