tpm: sandbox: fix wrong check on pcr_map
The second check on pcr_map in sandbox_tpm2_xfer() is wrong. It should
check for pcr_map not being empty. Instead, it is a pure copy/paste of
the first check which is redundant.
This has been found thanks to a Coverity Scan report:
CID 183370: Memory - illegal accesses (UNINIT)
Using uninitialized value "pcr_index".
put_unaligned_be32(tpm->pcr_extensions[pcr_index], recv);
This is because pcr_index is initialized only if the user input is
correct, ie. at least one valid bit is set in pcr_map.
Fix the second check and also initialize pcr_index to 0 (which is
harmless in case of error) to make Coverity Scan happy.
Reported-by: Tom Rini <trini@konsulko.com>
Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
diff --git a/drivers/tpm/tpm2_tis_sandbox.c b/drivers/tpm/tpm2_tis_sandbox.c
index 66f6c9b..b15ec73 100644
--- a/drivers/tpm/tpm2_tis_sandbox.c
+++ b/drivers/tpm/tpm2_tis_sandbox.c
@@ -272,7 +272,7 @@
u32 capability, property, property_count;
/* TPM2_PCR_Read/Extend variables */
- int pcr_index;
+ int pcr_index = 0;
u64 pcr_map = 0;
u32 selections, pcr_nb;
u16 alg;
@@ -483,8 +483,8 @@
return sandbox_tpm2_fill_buf(&recv, recv_len, tag, rc);
}
- if (pcr_map >> SANDBOX_TPM_PCR_NB) {
- printf("Wrong PCR map.\n");
+ if (!pcr_map) {
+ printf("Empty PCR map.\n");
rc = TPM2_RC_VALUE;
return sandbox_tpm2_fill_buf(&recv, recv_len, tag, rc);
}