Tss2_PolicyGetDescription() returns a description field as a string (it uses strlen()
internally), but it does not null-terminate the string for the caller. Instead of memcpy()
, strcpy()
should be used (and len/*size
will have to be incremented by one).
I found this issue using clang-tidy. This is going to be fixed in an upcoming PR by me.
|
/** Retrieve the description field of a policy. |
|
* |
|
* The policy description is only a valid pointer for the lifetime of policy_ctx. |
|
* |
|
* @param[in] policy_ctx The policy context from Tss2_PolicyInstantiate. |
|
* @param[in] description The description from the policy file. |
|
* |
|
* @retval TSS2_RC_SUCCESS After the end of the wait. |
|
* @retval TSS2_FAPI_RC_BAD_REFERENCE a invalid null pointer is passed. |
|
*/ |
|
TSS2_RC |
|
Tss2_PolicyGetDescription( |
|
TSS2_POLICY_CTX *policy_ctx, |
|
char *buffer, |
|
size_t *size) |
|
{ |
|
policy_check_not_null(policy_ctx); |
|
policy_check_not_null(size); |
|
|
|
LOG_TRACE("called for policy_path(%s)", |
|
policy_ctx->path); |
|
|
|
const char *description = policy_ctx->policy.description; |
|
size_t len = strlen(description); |
|
|
|
/* NULL buffer let calller know size */ |
|
if (!buffer) { |
|
*size = len; |
|
return TSS2_RC_SUCCESS; |
|
} |
|
|
|
/* specified buffer but too small, let caller know size and error */ |
|
if (*size < len) { |
|
*size = len; |
|
return_if_error(TSS2_POLICY_RC_BUFFER_TOO_SMALL, "Specified buffer is too small"); |
|
} |
|
|
|
/* all is well, copy it to user and let them know size */ |
|
*size = len; |
|
memcpy(buffer, description, len); |
|
|
|
LOG_TRACE("finished, returning: 0x0"); |
|
return TSS2_RC_SUCCESS; |
|
} |
I took the liberty to flag this as a bug. Feel free to remove the label if you think otherwise.