From: Dan Streetman <ddstreet@ieee.org>
Date: Fri, 4 Aug 2023 20:12:05 +0000 (-0400)
Subject: tpm2: use ELEMENTSOF() instead of sizeof() for TPML_PCR_SELECTION pcrSelections field
X-Git-Tag: v255-rc1~813
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=9afd4dde22f852fa4643799b218bef268a76272c;p=thirdparty%2Fsystemd.git

tpm2: use ELEMENTSOF() instead of sizeof() for TPML_PCR_SELECTION pcrSelections field

The count field indicates the number of elements in the pcrSelections field,
and the size of each elements is greater than 1 byte, so using sizeof() is
incorrect when verifying the count field is valid; instead ELEMENTSOF() should
be used.

Caught by coverity check: https://github.com/systemd/systemd/pull/26331#pullrequestreview-1556629586
---

diff --git a/src/shared/tpm2-util.c b/src/shared/tpm2-util.c
index 21ee4dc8e01..3f517d5919b 100644
--- a/src/shared/tpm2-util.c
+++ b/src/shared/tpm2-util.c
@@ -1325,7 +1325,7 @@ size_t tpm2_tpms_pcr_selection_weight(const TPMS_PCR_SELECTION *s) {
 /* Remove the (0-based) index entry from 'l', shift all following entries, and update the count. */
 static void tpm2_tpml_pcr_selection_remove_index(TPML_PCR_SELECTION *l, uint32_t index) {
         assert(l);
-        assert(l->count <= sizeof(l->pcrSelections));
+        assert(l->count <= ELEMENTSOF(l->pcrSelections));
         assert(index < l->count);
 
         size_t s = l->count - (index + 1);
@@ -1341,6 +1341,7 @@ static TPMS_PCR_SELECTION *tpm2_tpml_pcr_selection_get_tpms_pcr_selection(
                 TPMI_ALG_HASH hash_alg) {
 
         assert(l);
+        assert(l->count <= ELEMENTSOF(l->pcrSelections));
 
         TPMS_PCR_SELECTION *selection = NULL;
         FOREACH_TPMS_PCR_SELECTION_IN_TPML_PCR_SELECTION(s, l)
@@ -1421,13 +1422,13 @@ void tpm2_tpml_pcr_selection_add_tpms_pcr_selection(TPML_PCR_SELECTION *l, const
         }
 
         /* It's already broken if the count is higher than the array has size for. */
-        assert(!(l->count > sizeof(l->pcrSelections)));
+        assert(l->count <= ELEMENTSOF(l->pcrSelections));
 
         /* If full, the cleanup should result in at least one available entry. */
-        if (l->count == sizeof(l->pcrSelections))
+        if (l->count == ELEMENTSOF(l->pcrSelections))
                 tpm2_tpml_pcr_selection_cleanup(l);
 
-        assert(l->count < sizeof(l->pcrSelections));
+        assert(l->count < ELEMENTSOF(l->pcrSelections));
         l->pcrSelections[l->count++] = *s;
 }
 
@@ -1508,7 +1509,7 @@ char *tpm2_tpml_pcr_selection_to_string(const TPML_PCR_SELECTION *l) {
 
 size_t tpm2_tpml_pcr_selection_weight(const TPML_PCR_SELECTION *l) {
         assert(l);
-        assert(l->count <= sizeof(l->pcrSelections));
+        assert(l->count <= ELEMENTSOF(l->pcrSelections));
 
         size_t weight = 0;
         FOREACH_TPMS_PCR_SELECTION_IN_TPML_PCR_SELECTION(s, l) {