From 6f7df6bf996278fb94d259eae676d123fe4f3c68 Mon Sep 17 00:00:00 2001
From: Juergen Repp <juergen_repp@web.de>
Date: Mon, 15 Apr 2024 13:52:38 +0200
Subject: [PATCH] FAPI: Fix length check in auth callback.

The max size of the value returned by the auth value
callback sizeof(TPMU_HA) is now checked.

Signed-off-by: Juergen Repp <juergen_repp@web.de>
---
 src/tss2-fapi/fapi_util.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/src/tss2-fapi/fapi_util.c b/src/tss2-fapi/fapi_util.c
index 8847bbfcc..2fff9cb67 100644
--- a/src/tss2-fapi/fapi_util.c
+++ b/src/tss2-fapi/fapi_util.c
@@ -440,6 +440,10 @@ ifapi_set_auth(
         return_if_error(r, "policyAuthCallback");
         if (auth != NULL) {
             authValue.size = strlen(auth);
+            if (authValue.size > sizeof(TPMU_HA)) {
+                return_error2(TSS2_FAPI_RC_BAD_VALUE, "Auth value %u > %lu",
+                              authValue.size, sizeof(TPMU_HA));
+            }
             memcpy(&authValue.buffer[0], auth, authValue.size);
         }