From 6fd8db6bb3b23b9e41f109135253f77263071f46 Mon Sep 17 00:00:00 2001

From: Chris Coulson <chris.coulson@canonical.com>

Date: Sat, 22 Jun 2019 15:33:03 +0100

Subject: [PATCH 37/62] tpm: Fix off-by-one error when calculating event size

tpm_log_event_raw() allocates a buffer for the EFI_TCG2_EVENT structure

that is one byte larger than necessary, and sets event->Size accordingly.

The result of this is that the event data recorded in the log differs

from the data that is measured to the TPM (it has an extra zero byte

at the end).

Upstream-commit-id: 8a27a4809a6

---

 tpm.c | 6 ++++--

 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/tpm.c b/tpm.c

index f07362c70bb..516fb876caa 100644

--- a/tpm.c

+++ b/tpm.c

@@ -131,8 +131,10 @@ static EFI_STATUS tpm_log_event_raw(EFI_PHYSICAL_ADDRESS buf, UINTN size,

 #endif

 	} else if (tpm2) {

 		EFI_TCG2_EVENT *event;

+		UINTN event_size = sizeof(*event) - sizeof(event->Event) +

+			logsize;

-		event = AllocatePool(sizeof(*event) + logsize);

+		event = AllocatePool(event_size);

 		if (!event) {

 			perror(L"Unable to allocate event structure\n");

 			return EFI_OUT_OF_RESOURCES;

@@ -142,7 +144,7 @@ static EFI_STATUS tpm_log_event_raw(EFI_PHYSICAL_ADDRESS buf, UINTN size,

 		event->Header.HeaderVersion = 1;

 		event->Header.PCRIndex = pcr;

 		event->Header.EventType = type;

-		event->Size = sizeof(*event) - sizeof(event->Event) + logsize + 1;

+		event->Size = event_size;

 		CopyMem(event->Event, (VOID *)log, logsize);

 		if (hash) {

 			/* TPM 2 systems will generate the appropriate hash

-- 

2.26.2