Skip to content

Coverity CID 910531/910532: bound decrypted seed length and clamp packet parse offset#543

Merged
aidangarske merged 1 commit into
wolfSSL:masterfrom
dgarske:coverity_910531_910532
Jun 30, 2026
Merged

Coverity CID 910531/910532: bound decrypted seed length and clamp packet parse offset#543
aidangarske merged 1 commit into
wolfSSL:masterfrom
dgarske:coverity_910531_910532

Conversation

@dgarske

@dgarske dgarske commented Jun 30, 2026

Copy link
Copy Markdown
Member

Fixes Coverity CID 910531 (OVERRUN) and CID 910532 (TAINTED_SCALAR).

  • 910531: FwDecryptSeed() now fails closed if a decrypted seed exceeds the caller's buffer, bounding saltSize in FwCmd_StartAuthSession() (covers all four seed-decrypt callers).
  • 910532: TPM2_Packet_ParseBytes() clamps pos to size on a truncated read so a tainted length can't run the parse offset past the buffer.

@aidangarske aidangarske merged commit 7d9fcd4 into wolfSSL:master Jun 30, 2026
199 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants