diff --git a/src/tpm2/NVMarshal.c b/src/tpm2/NVMarshal.c index 1a275e536..512f19df6 100644 --- a/src/tpm2/NVMarshal.c +++ b/src/tpm2/NVMarshal.c @@ -4087,7 +4087,7 @@ static UINT16 PERSISTENT_DATA_PPList_Marshal(PERSISTENT_DATA *data, BYTE **buffer, INT32 *size, UINT16 blob_version, UINT32 commandCount) { - UINT8 ppList[(110 + 7) / 8]; + UINT8 ppList[BITS_TO_BYTES(110)]; UINT16 array_size; UINT16 written; UINT8 *ptr; @@ -4136,9 +4136,15 @@ PERSISTENT_DATA_PPList_Unmarshal(PERSISTENT_DATA *data, BYTE **buffer, INT32 *si rc = ConvertFromCompressedBitArray(buf, array_size, data->ppList, sizeof(data->ppList)); } else { - memset(data->ppList, 0, sizeof(data->ppList)); - assert(array_size <= sizeof(data->ppList)); + /* later versions of libtpms may write bigger arrays - truncate them */ + if (array_size > sizeof(data->ppList)) + array_size = sizeof(data->ppList); + memcpy(data->ppList, buf, array_size); + /* clear the rest of byte array */ + MUST_BE(sizeof(data->ppList[0]) == sizeof(BYTE)); + while (array_size < ARRAY_SIZE(data->ppList)) + data->ppList[array_size++] = 0; } } } @@ -4149,7 +4155,7 @@ static UINT16 PERSISTENT_DATA_AuditCommands_Marshal(PERSISTENT_DATA *data, BYTE **buffer, INT32 *size, UINT16 blob_version, UINT32 commandCount) { - UINT8 auditCommands[(110 + 1 + 7) / 8]; + UINT8 auditCommands[BITS_TO_BYTES(110 + 1)]; UINT16 array_size; UINT16 written; UINT8 *ptr; @@ -4161,7 +4167,7 @@ PERSISTENT_DATA_AuditCommands_Marshal(PERSISTENT_DATA *data, BYTE **buffer, INT3 * was using a COMPRESSED_LIST. */ assert(commandCount <= 110); - array_size = ((commandCount + 1) + 7) / 8; /* same as in Global.h PERSISTENT_DATA */ + array_size = BITS_TO_BYTES(commandCount + 1); /* same as in Global.h PERSISTENT_DATA */ assert(sizeof(auditCommands) >= array_size); ConvertToCompressedBitArray(data->auditCommands, sizeof(data->auditCommands), auditCommands, array_size); @@ -4199,9 +4205,15 @@ PERSISTENT_DATA_AuditCommands_Unmarshal(PERSISTENT_DATA *data, BYTE **buffer, IN rc = ConvertFromCompressedBitArray(buf, array_size, data->auditCommands, sizeof(data->auditCommands)); } else { - memset(data->auditCommands, 0, sizeof(data->auditCommands)); - assert(array_size <= sizeof(data->auditCommands)); + /* later versions of libtpms may write bigger arrays - truncate them */ + if (array_size > sizeof(data->auditCommands)) + array_size = sizeof(data->auditCommands); + memcpy(data->auditCommands, buf, array_size); + /* clear the rest of byte array */ + MUST_BE(sizeof(data->auditCommands[0]) == sizeof(BYTE)); + while (array_size < ARRAY_SIZE(data->auditCommands)) + data->auditCommands[array_size++] = 0; } } } diff --git a/src/tpm2/RuntimeCommands.c b/src/tpm2/RuntimeCommands.c index be8e30e2d..7a61049ef 100644 --- a/src/tpm2/RuntimeCommands.c +++ b/src/tpm2/RuntimeCommands.c @@ -413,6 +413,8 @@ RuntimeCommandsCountEnabled(struct RuntimeCommands *RuntimeCommands) TPM_CC commandCode; UINT32 count = 0; + /* the following assert must never change */ + MUST_BE(TPM_CC_FIRST == TPM_CC_NV_UndefineSpaceSpecial); for (commandCode = TPM_CC_FIRST; commandCode < sizeof(RuntimeCommands->enabledCommands) * 8; commandCode++) { diff --git a/tests/nvram_offsets.c b/tests/nvram_offsets.c index 24311eec3..92e9ad430 100644 --- a/tests/nvram_offsets.c +++ b/tests/nvram_offsets.c @@ -8,30 +8,6 @@ extern BYTE s_indexOrderlyRam[RAM_INDEX_SPACE]; int main(void) { - PERSISTENT_DATA pd; - - /* Check size of ppList that expands with new commands */ - /* was 14 when COMPRESSED_LISTS was enabled */ -#define PD_PP_LIST_EXP_SIZE 17 - if (sizeof(pd.ppList) != PD_PP_LIST_EXP_SIZE) { - fprintf(stderr, - "sizeof(PERSISTENT_DATA.ppList) does not have expected size " - "of %u bytes but %zu bytes\n", - PD_PP_LIST_EXP_SIZE, sizeof(pd.ppList)); - return EXIT_FAILURE; - } - - /* Check size of auditCommands that expands with new commands */ - /* was 14 when COMPRESSED_LISTS was enabled */ -#define PD_AUDIT_COMMANDS_EXP_SIZE 17 - if (sizeof(pd.auditCommands) != PD_AUDIT_COMMANDS_EXP_SIZE) { - fprintf(stderr, - "sizeof(PERSISTENT_DATA.auditCommands) does not have expected size " - "of %u bytes but %zu bytes\n", - PD_AUDIT_COMMANDS_EXP_SIZE, sizeof(pd.auditCommands)); - return EXIT_FAILURE; - } - /* ensure that the NVRAM offset of NV_USER_DYNAMIC is at the expected location so that there's enough memory for re-constructing NVRAM indices etc. into the NVRAM */