tpm2: NVMarshal: Handle index orderly RAM without 0-sized terminating…

… node The NVRAM entries in s_indexOrderlyRam array do not need to contain a 0-sized terminating node. Instead, the entries may fill up this 512 byte array so that no NV_RAM_HEADER structure fits anymore. The fact that no more NV_RAM_HEADER structure fits is also an indicator for the last entry. We need to account for this in the code marshalling and unmarshalling the entries so that we stop marshalling the entries then and similarly stop unmarshalling. Signed-off-by: Stefan Berger <[email protected]>
stefanberger · Aug 4, 2021 · 1fb6cd9 · 1fb6cd9
1 parent ea62fd9
commit 1fb6cd9
Showing 1 changed file with 16 additions and 0 deletions.
diff --git a/src/tpm2/NVMarshal.c b/src/tpm2/NVMarshal.c
@@ -4103,6 +4103,12 @@ INDEX_ORDERLY_RAM_Marshal(void *array, size_t array_size,
                                      datasize, buffer, size);
         }
         offset += nrh.size;
+        if (offset + sizeof(NV_RAM_HEADER) > array_size) {
+            /* nothing will fit anymore and there won't be a 0-sized
+             * terminating node (@1).
+             */
+            break;
+        }
     }
 
     written += BLOCK_SKIP_WRITE_PUSH(TRUE, buffer, size);
@@ -4144,6 +4150,16 @@ INDEX_ORDERLY_RAM_Unmarshal(void *array, size_t array_size,
          */
         nrhp = array + offset;
 
+        if (offset + sizeof(NV_RAM_HEADER) > sourceside_size) {
+            /* this case can occur with the previous entry filling up the
+             * space; in this case there will not be a 0-sized terminating
+             * node (see @1 above). We clear the rest of our space.
+             */
+            if (array_size > offset)
+                memset(nrhp, 0, array_size - offset);
+            break;
+        }
+
         /* write the NVRAM header;
            nrh->size holds the complete size including data;
            nrh->size = 0 indicates the end */