From ff257816a8e95c7f81cd4be999f15a841e069823 Mon Sep 17 00:00:00 2001
From: Andreas Fuchs <andreas.fuchs@infineon.com>
Date: Wed, 31 Jan 2024 12:00:57 +0100
Subject: [PATCH] Auth input: Check for NULL termination

When reading auths from a file, add a check that they are NULL terminated.

Signed-off-by: Andreas Fuchs <andreas.fuchs@infineon.com>
---
 lib/tpm2_auth_util.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/lib/tpm2_auth_util.c b/lib/tpm2_auth_util.c
index 94f42f833..918cce2b4 100644
--- a/lib/tpm2_auth_util.c
+++ b/lib/tpm2_auth_util.c
@@ -118,6 +118,13 @@ static tool_rc get_auth_for_file_param(const char* password, TPM2B_AUTH *auth) {
         size = read;
     }
 
+    /* Check that the buffer is actually \0 terminated */
+    if (buffer[size - 1] != '\0') {
+        LOG_ERR("Password content is not Null terminated.");
+        free(buffer);
+        return tool_rc_general_error;
+    }
+
     /* bash here strings and many commands add a trailing newline, if its stdin, kill the newline */
     size_t i;
     for (i = size; i >=  1; i -= 1) {