From mboxrd@z Thu Jan 1 00:00:00 1970
Received: from mga06.intel.com (mga06.intel.com [134.134.136.31])
 by mx.groups.io with SMTP id smtpd.web11.7319.1575596976508656093
 for ; Thu, 05 Dec 2019 17:49:36 -0800
Authentication-Results: mx.groups.io; dkim=missing;
 spf=pass (domain: intel.com, ip: 134.134.136.31, mailfrom: shenglei.zhang@intel.com)
X-Amp-Result: SKIPPED(no attachment in message)
X-Amp-File-Uploaded: False
Received: from orsmga006.jf.intel.com ([10.7.209.51])
 by orsmga104.jf.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 05 Dec 2019 17:49:35 -0800
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="5.69,282,1571727600"; d="scan'208";a="214297335"
Received: from shenglei-dev.ccr.corp.intel.com ([10.239.158.52])
 by orsmga006.jf.intel.com with ESMTP; 05 Dec 2019 17:49:34 -0800
From: "Zhang, Shenglei"
To: devel@edk2.groups.io
Cc: Jiewen Yao, Jian J Wang, Chao Zhang
Subject: [PATCH] SecurityPkg/Tpm2Help.c: Add boundary check for array
Date: Fri, 6 Dec 2019 09:49:33 +0800
Message-Id: <20191206014933.36648-1-shenglei.zhang@intel.com>
X-Mailer: git-send-email 2.18.0.windows.1

Add 'Index < HASH_COUNT' to ensure things out of boundary of digests[]
can not be visited.

Cc: Jiewen Yao
Cc: Jian J Wang
Cc: Chao Zhang
Signed-off-by: Shenglei Zhang
---
 SecurityPkg/Library/Tpm2CommandLib/Tpm2Help.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/SecurityPkg/Library/Tpm2CommandLib/Tpm2Help.c b/SecurityPkg/Library/Tpm2CommandLib/Tpm2Help.c
index 36c240d1221c..a7d4e3ab5373 100644
--- a/SecurityPkg/Library/Tpm2CommandLib/Tpm2Help.c
+++ b/SecurityPkg/Library/Tpm2CommandLib/Tpm2Help.c
@@ -299,7 +299,7 @@ GetDigestListSize ( UINT32 TotalSize; TotalSize = sizeof(DigestList->count); - for (Index = 0; Index < DigestList->count; Index++) { + for (Index = 0; Index < DigestList->count, Index < HASH_COUNT; Index++) { DigestSize = GetHashSizeFromAlgo (DigestList->digests[Index].hashAlg); TotalSize += sizeof(DigestList->digests[Index].hashAlg) + DigestSize; } -- 2.18.0.windows.1
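
Review bot: The new loop condition in GetDigestListSize, `Index < DigestList->count, Index < HASH_COUNT`, joins the two tests with the comma operator, so the first comparison is evaluated and discarded and only `Index < HASH_COUNT` decides whether the loop continues. As written the loop always runs HASH_COUNT iterations regardless of DigestList->count, which means digests[] entries past count are read and added to TotalSize whenever count is smaller than HASH_COUNT. Use `Index < DigestList->count && Index < HASH_COUNT` instead. It is also worth deciding whether a count larger than HASH_COUNT should be reported as an error rather than silently clamped here, since the returned TotalSize would then no longer correspond to the count field it includes.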