tpm2 PCRs: fix unchecked attempt to set PCR[24]

diff --git a/src/shared/tpm2-util.c b/src/shared/tpm2-util.c
index 530a454c6a4d3c8445c102646b5a8d0c0f8be211..73fd833cc69e182b4bb692087a582a4de618f853 100644 (file)
--- a/src/shared/tpm2-util.c
+++ b/src/shared/tpm2-util.c
@@ -3152,4 +3152,4 @@ static const char* const pcr_index_table[_PCR_INDEX_MAX_DEFINED] = {
         [PCR_APPLICATION_SUPPORT] = "application-support",
 };
 
-DEFINE_STRING_TABLE_LOOKUP_FROM_STRING_WITH_FALLBACK(pcr_index, int, TPM2_PCRS_MAX);
+DEFINE_STRING_TABLE_LOOKUP_FROM_STRING_WITH_FALLBACK(pcr_index, int, TPM2_PCRS_MAX - 1);

diff --git a/src/test/test-tpm2.c b/src/test/test-tpm2.c
index 3e989251d861534f19ee2e712654068622a02e8f..fb23d4319adafdcd802cb199bc9497b5fad42ff3 100644 (file)
--- a/src/test/test-tpm2.c
+++ b/src/test/test-tpm2.c
@@ -33,7 +33,7 @@ TEST(tpm2_mask_from_string) {
         test_tpm2_pcr_mask_from_string_one("sysexts,shim-policy+kernel-boot", 26624, 0);
         test_tpm2_pcr_mask_from_string_one("sysexts,shim+kernel-boot", 0, -EINVAL);
         test_tpm2_pcr_mask_from_string_one("sysexts+17+23", 8527872, 0);
-        test_tpm2_pcr_mask_from_string_one("debug+24", 16842752, 0);
+        test_tpm2_pcr_mask_from_string_one("debug+24", 0, -EINVAL);
 }
 
 TEST(pcr_index_from_string) {
@@ -73,6 +73,7 @@ TEST(pcr_index_from_string) {
         assert_se(pcr_index_from_string("8") == 8);
         assert_se(pcr_index_from_string("44") == -EINVAL);
         assert_se(pcr_index_from_string("-5") == -EINVAL);
+        assert_se(pcr_index_from_string("24") == -EINVAL);
 }
 
 TEST(tpm2_util_pbkdf2_hmac_sha256) {