From mboxrd@z Thu Jan 1 00:00:00 1970
Received: from mga03.intel.com (mga03.intel.com [134.134.136.65])
 by mx.groups.io with SMTP id smtpd.web10.3943.1576482768864842752
 for ; Sun, 15 Dec 2019 23:52:48 -0800
Authentication-Results: mx.groups.io;
 dkim=missing; spf=pass (domain: intel.com, ip: 134.134.136.65, mailfrom: shenglei.zhang@intel.com)
X-Amp-Result: SKIPPED(no attachment in message)
X-Amp-File-Uploaded: False
Received: from orsmga006.jf.intel.com ([10.7.209.51])
 by orsmga103.jf.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 15 Dec 2019 23:52:48 -0800
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="5.69,320,1571727600";
 d="scan'208";a="217090930"
Received: from shenglei-dev.ccr.corp.intel.com ([10.239.158.52])
 by orsmga006.jf.intel.com with ESMTP; 15 Dec 2019 23:52:47 -0800
From: "Zhang, Shenglei"
To: devel@edk2.groups.io
Cc: Jiewen Yao , Jian J Wang , Chao Zhang
Subject: [PATCH v2] SecurityPkg/Tpm2Help.c: Add boundary check for array
Date: Mon, 16 Dec 2019 15:52:41 +0800
Message-Id: <20191216075241.13060-1-shenglei.zhang@intel.com>
X-Mailer: git-send-email 2.18.0.windows.1

Add 'Index < HASH_COUNT' to ensure things out of digests[] can not be visited.

Cc: Jiewen Yao
Cc: Jian J Wang
Cc: Chao Zhang
Signed-off-by: Shenglei Zhang
---

v2: Remove the comma operator and use &&.

 SecurityPkg/Library/Tpm2CommandLib/Tpm2Help.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/SecurityPkg/Library/Tpm2CommandLib/Tpm2Help.c b/SecurityPkg/Library/Tpm2CommandLib/Tpm2Help.c
index 36c240d1221c..d7bc94006003 100644
--- a/SecurityPkg/Library/Tpm2CommandLib/Tpm2Help.c
+++ b/SecurityPkg/Library/Tpm2CommandLib/Tpm2Help.c
@@ -299,7 +299,7 @@ GetDigestListSize ( UINT32 TotalSize; TotalSize = sizeof(DigestList->count); - for (Index = 0; Index < DigestList->count; Index++) { + for (Index = 0; Index < DigestList->count && Index < HASH_COUNT; Index++) { DigestSize = GetHashSizeFromAlgo (DigestList->digests[Index].hashAlg); TotalSize += sizeof(DigestList->digests[Index].hashAlg) + DigestSize; } -- 2.18.0.windows.1
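
Review bot: The new loop condition `Index < DigestList->count && Index < HASH_COUNT` silently clamps an oversized count, so GetDigestListSize now returns a TotalSize that covers fewer entries than DigestList->count claims and gives the caller no sign that the list was malformed. Any later code that walks the same list by count, or copies TotalSize bytes and then trusts count, will disagree with this result. Consider rejecting the input before the loop when `DigestList->count > HASH_COUNT` (an ASSERT plus an early error return, with the return value for that case documented in the function header), or at minimum state in the function comment that the size is computed over at most HASH_COUNT digests. The commit message would also be clearer if it said under what conditions count can exceed HASH_COUNT, since that decides whether this is hardening or a fix for reachable input.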