From 9685ea263f994537430323fb1681b210395eee7c Mon Sep 17 00:00:00 2001

From: =?UTF-8?q?=D0=94=D0=B8=D0=BB=D1=8F=D0=BD=20=D0=9F=D0=B0=D0=BB=D0=B0?=

 =?UTF-8?q?=D1=83=D0=B7=D0=BE=D0=B2?= <git-dpa@aegee.org>

Date: Tue, 2 Apr 2019 16:18:32 +0000

Subject: [PATCH] lib/tpm2_util.c:string_to_uint32: ensure the string does not

 overflow in uint32

MIME-Version: 1.0

Content-Type: text/plain; charset=UTF-8

Content-Transfer-Encoding: 8bit

Before this change input of "4294967295" generated output of 4294967295, which

is UINT32_MAX = 2**32 - 1.  But input "4294967296" created output of 0.  The

function is supposed to fail if the number is too big, rather than silently

convert unsigned long int to uint32_t, ignoring some bits.

Signed-Off-By: Дилян Палаузов <git-dpa@aegee.org>

---

 lib/tpm2_util.c | 6 +++---

 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/lib/tpm2_util.c b/lib/tpm2_util.c

index edfda4a8b0b..ca9d8b7f4d7 100644

--- a/lib/tpm2_util.c

+++ b/lib/tpm2_util.c

@@ -236,8 +236,8 @@ bool tpm2_util_string_to_uint32(const char *str, uint32_t *value) {

     /* clear errno before the call, should be 0 afterwards */

     errno = 0;

-    uint32_t tmp = strtoul(str, &endptr, 0);

-    if (errno) {

+    unsigned long int tmp = strtoul(str, &endptr, 0);

+    if (errno || tmp > UINT32_MAX) {

         return false;

     }

@@ -250,7 +250,7 @@ bool tpm2_util_string_to_uint32(const char *str, uint32_t *value) {

         return false;

     }

-    *value = tmp;

+    *value = (uint32_t) tmp;

     return true;

 }

-- 

2.21.0