Merge pull request #463 from aidangarske/fix-coverity-2-25

dgarske · web-flow · commit 366e4d625a27 · 2026-02-26T15:53:53.000-08:00
Fix coverity scan issues in wolfTPM
diff --git a/examples/attestation/activate_credential.c b/examples/attestation/activate_credential.c
@@ -192,6 +192,20 @@ int TPM2_ActivateCredential_Example(void* userCtx, int argc, char *argv[])
     }
     printf("Read credential blob and secret from %s, %d bytes\n",
         input, dataSize);
+    /* Validate sizes from file data to prevent buffer overrun */
+    if (activCredIn.credentialBlob.size >
+            sizeof(activCredIn.credentialBlob.buffer)) {
+        printf("Credential blob size %d exceeds buffer\n",
+            activCredIn.credentialBlob.size);
+        rc = BAD_FUNC_ARG;
+        goto exit;
+    }
+    if (activCredIn.secret.size > sizeof(activCredIn.secret.secret)) {
+        printf("Secret size %d exceeds buffer\n",
+            activCredIn.secret.size);
+        rc = BAD_FUNC_ARG;
+        goto exit;
+    }
 #else
     printf("Can not load credential. File support not enabled\n");
     goto exit;
diff --git a/examples/attestation/make_credential.c b/examples/attestation/make_credential.c
@@ -156,6 +156,11 @@ int TPM2_MakeCredential_Example(void* userCtx, int argc, char *argv[])
     wolfTPM2_GetRandom(&dev, makeCredIn.credential.buffer,
                              makeCredIn.credential.size);
     /* Set the object name */
+    if (name.size > sizeof(makeCredIn.objectName.name)) {
+        printf("Name size %d exceeds buffer\n", name.size);
+        rc = BAD_FUNC_ARG;
+        goto exit;
+    }
     makeCredIn.objectName.size = name.size;
     XMEMCPY(makeCredIn.objectName.name, name.name,
             makeCredIn.objectName.size);
diff --git a/examples/pcr/extend.c b/examples/pcr/extend.c
@@ -74,6 +74,7 @@ int TPM2_PCR_Extend_Test(void* userCtx, int argc, char *argv[])
     BYTE dataBuffer[1024];
     enum wc_HashType hashType;
     wc_HashAlg dig;
+    int hashInitialized = 0;
 #endif
 
     union {
@@ -153,15 +154,24 @@ int TPM2_PCR_Extend_Test(void* userCtx, int argc, char *argv[])
     if (fp != XBADFILE) {
         rc = TPM2_GetHashType(alg);
         hashType = (enum wc_HashType)rc;
-        wc_HashInit(&dig, hashType);
-        while (!XFEOF(fp)) {
+        rc = wc_HashInit(&dig, hashType);
+        if (rc == 0)
+            hashInitialized = 1;
+        while (rc == 0 && !XFEOF(fp)) {
             len = XFREAD(dataBuffer, 1, sizeof(dataBuffer), fp);
             if (len > 0) {
-                wc_HashUpdate(&dig, hashType, dataBuffer, (int)len);
+                rc = wc_HashUpdate(&dig, hashType, dataBuffer, (int)len);
             }
         }
         XFCLOSE(fp);
-        wc_HashFinal(&dig, hashType, hash);
+        if (rc == 0)
+            rc = wc_HashFinal(&dig, hashType, hash);
+        if (hashInitialized)
+            wc_HashFree(&dig, hashType);
+        if (rc != 0) {
+            printf("Hash operation failed %d\n", rc);
+            goto exit;
+        }
 
         XMEMCPY(cmdIn.pcrExtend.digests.digests[0].digest.H,
                 hash, hashSz);
diff --git a/src/tpm2_linux.c b/src/tpm2_linux.c
@@ -144,17 +144,16 @@ int TPM2_LINUX_SendCommand(TPM2_CTX* ctx, TPM2_Packet* packet)
                     rspSz = (int)ret;
                     rc = TPM_RC_SUCCESS;
                 }
-                else if (ret == 0) {
-                #ifdef DEBUG_WOLFTPM
-                    printf("Received EOF(0) from %s: errno %d = %s\n",
-                        TPM2_LINUX_DEV, errno, strerror(errno));
-                #endif
-                    rc = TPM_RC_FAILURE;
-                }
                 else {
                 #ifdef DEBUG_WOLFTPM
-                    printf("Failed to read from %s: errno %d = %s\n",
-                        TPM2_LINUX_DEV, errno, strerror(errno));
+                    if (ret == 0) {
+                        printf("Received EOF from %s\n", TPM2_LINUX_DEV);
+                    }
+                    else {
+                        printf("Failed to read from %s (ret %zd):"
+                            " errno %d = %s\n", TPM2_LINUX_DEV, ret,
+                            errno, strerror(errno));
+                    }
                 #endif
                     rc = TPM_RC_FAILURE;
                 }
diff --git a/src/tpm2_param_enc.c b/src/tpm2_param_enc.c
@@ -209,6 +209,14 @@ static int TPM2_ParamEnc_XOR(TPM2_AUTH_SESSION *session, TPM2B_AUTH* sessKey,
         return BUFFER_E;
     }
 
+    /* Validate source key sizes to prevent overrun of source buffers */
+    if (sessKey->size > sizeof(sessKey->buffer)) {
+        return BUFFER_E;
+    }
+    if (bindKey != NULL && bindKey->size > sizeof(bindKey->buffer)) {
+        return BUFFER_E;
+    }
+
     /* Validate key sizes before copy to prevent buffer overflow */
     if (sessKey->size + bindKeySz > sizeof(keyIn.buffer)) {
         return BUFFER_E;
@@ -264,6 +272,14 @@ static int TPM2_ParamDec_XOR(TPM2_AUTH_SESSION *session, TPM2B_AUTH* sessKey,
         return BUFFER_E;
     }
 
+    /* Validate source key sizes to prevent overrun of source buffers */
+    if (sessKey->size > sizeof(sessKey->buffer)) {
+        return BUFFER_E;
+    }
+    if (bindKey != NULL && bindKey->size > sizeof(bindKey->buffer)) {
+        return BUFFER_E;
+    }
+
     /* Validate key sizes before copy to prevent buffer overflow */
     if (sessKey->size + bindKeySz > sizeof(keyIn.buffer)) {
         return BUFFER_E;
@@ -321,6 +337,14 @@ static int TPM2_ParamEnc_AESCFB(TPM2_AUTH_SESSION *session, TPM2B_AUTH* sessKey,
         return BUFFER_E;
     }
 
+    /* Validate source key sizes to prevent overrun of source buffers */
+    if (sessKey->size > sizeof(sessKey->buffer)) {
+        return BUFFER_E;
+    }
+    if (bindKey != NULL && bindKey->size > sizeof(bindKey->buffer)) {
+        return BUFFER_E;
+    }
+
     /* Validate key sizes before copy to prevent buffer overflow */
     if (sessKey->size + bindKeySz > sizeof(keyIn.buffer)) {
         return BUFFER_E;
@@ -387,6 +411,14 @@ static int TPM2_ParamDec_AESCFB(TPM2_AUTH_SESSION *session, TPM2B_AUTH* sessKey,
         return BUFFER_E;
     }
 
+    /* Validate source key sizes to prevent overrun of source buffers */
+    if (sessKey->size > sizeof(sessKey->buffer)) {
+        return BUFFER_E;
+    }
+    if (bindKey != NULL && bindKey->size > sizeof(bindKey->buffer)) {
+        return BUFFER_E;
+    }
+
     /* Validate key sizes before copy to prevent buffer overflow */
     if (sessKey->size + bindKeySz > sizeof(keyIn.buffer)) {
         return BUFFER_E;
diff --git a/src/tpm2_wrap.c b/src/tpm2_wrap.c
@@ -123,7 +123,9 @@ static int wolfTPM2_Init_ex(TPM2_CTX* ctx, TPM2HalIoCb ioCb, void* userCtx,
     rc = TPM2_Init_ex(ctx, ioCb, userCtx, timeoutTries);
 #endif
     if (rc != TPM_RC_SUCCESS) {
+    #ifdef DEBUG_WOLFTPM
         printf("TPM2_Init failed 0x%x: %s\n", rc, wolfTPM2_GetRCString(rc));
+    #endif
         return rc;
     }
 #ifdef DEBUG_WOLFTPM
