(RHEL-56793) repart: avoid use of uninitialized TPM2B_PUBLIC data

[dtardon]

The 'TPM2B public' struct is only initialized if the public key is non-NULL, however, it is unconditionally passed to tpm2_calculate_sealing_policy, resulting in use of uninitialized data. If the uninitialized data is lucky enough to be all zeroes, this results eventually results in an error message from tpm2_calculate_name about an unsupported nameAlg field value.

Signed-off-by: Daniel P. Berrangé berrange@redhat.com
(cherry picked from commit a3ad5c3)

Resolves: RHEL-56793

[github-actions]

Commit validation

Tracker - RHEL-56793

The following commits meet all requirements

commit	upstream
db07cb0 - repart: avoid use of uninitialized TPM2B_PUBLIC data	systemd/systemd@a3ad5c3

---

Tracker validation

Success

🟢 Tracker RHEL-56793 has set desired product: rhel-9.6
🟢 Tracker RHEL-56793 has set desired component: systemd
🟢 Tracker RHEL-56793 has been approved
🟢 Tracker RHEL-56793 has set severity

---

Pull Request validation

Success

🟡 CI - Waived
🟢 Review - Reviewed by a member
🟢 Approval - Changes were approved

---

Auto Merge

Success

🟢 Pull Request is not marked as draft and it's not blocked by dont-merge label
🟢 Pull Request meet requirements, title has correct form
🟢 Pull Request meet requirements, mergeable is true
🟠 Pull Request meet requirements, mergeable_state is unstable
🟢 Pull Request has correct target branch main
🟢 Pull Request was merged

[msekletar]

LGTM

[jamacku]

CI failures are unrelated to these changes:

Enrolling secure boot keys from directory: \loader\keys\auto
Failed to write PK secure boot variable: Security violation
systemd-stub@0x67db6000,0x67dce000
Overlapping PE sections detected. Boot may fail due to image memory corruption!