From 9685ea263f994537430323fb1681b210395eee7c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=D0=94=D0=B8=D0=BB=D1=8F=D0=BD=20=D0=9F=D0=B0=D0=BB=D0=B0?= =?UTF-8?q?=D1=83=D0=B7=D0=BE=D0=B2?= Date: Tue, 2 Apr 2019 16:18:32 +0000 Subject: [PATCH] lib/tpm2_util.c:string_to_uint32: ensure the string does not overflow in uint32 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Before this change input of "4294967295" generated output of 4294967295, which is UINT32_MAX = 2**32 - 1. But input "4294967296" created output of 0. The function is supposed to fail if the number is too big, rather than silently convert unsigned long int to uint32_t, ignoring some bits. Signed-Off-By: Дилян Палаузов --- lib/tpm2_util.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/lib/tpm2_util.c b/lib/tpm2_util.c index edfda4a8b0b..ca9d8b7f4d7 100644 --- a/lib/tpm2_util.c +++ b/lib/tpm2_util.c @@ -236,8 +236,8 @@ bool tpm2_util_string_to_uint32(const char *str, uint32_t *value) { /* clear errno before the call, should be 0 afterwards */ errno = 0; - uint32_t tmp = strtoul(str, &endptr, 0); - if (errno) { + unsigned long int tmp = strtoul(str, &endptr, 0); + if (errno || tmp > UINT32_MAX) { return false; } @@ -250,7 +250,7 @@ bool tpm2_util_string_to_uint32(const char *str, uint32_t *value) { return false; } - *value = tmp; + *value = (uint32_t) tmp; return true; } -- 2.21.0