Backport a few fixes for issues detected by Coverity

.travis.yml

@@ -46,7 +46,7 @@ matrix:
         ./autogen.sh ${CONFIG} &&
         sudo make -j$(nproc) ${TARGET} &&
         sudo make -j$(nproc) check &&
-        git clone https://github.com/stefanberger/swtpm.git &&
+        git clone -b stable-0.9 https://github.com/stefanberger/swtpm.git &&
         pushd swtpm &&
          sudo rm -rf /dev/tpm* &&
          sudo apt -y install devscripts equivs python3-twisted expect
@@ -67,7 +67,7 @@ matrix:
         ./autogen.sh ${CONFIG} &&
         sudo make -j$(nproc) ${TARGET} &&
         sudo make -j$(nproc) check &&
-        git clone https://github.com/stefanberger/swtpm.git &&
+        git clone -b stable-0.9 https://github.com/stefanberger/swtpm.git &&
         pushd swtpm &&
          sudo rm -rf /dev/tpm* &&
          sudo apt -y install devscripts equivs python3-twisted expect

src/tpm2/CryptUtil.c

@@ -639,6 +639,9 @@ CryptSecretDecrypt(
 		  TPMS_ECC_POINT       eccSecret;
 		  BYTE                *buffer = secret->t.secret;
 		  INT32                size = secret->t.size;
+
+		  MemorySet(&eccPublic, 0, sizeof(eccPublic));		// libtpms added: Coverity
+
 		  // Retrieve ECC point from secret buffer
 		  result = TPMS_ECC_POINT_Unmarshal(&eccPublic, &buffer, &size);
 		  if(result == TPM_RC_SUCCESS)

src/tpm2/NVMarshal.c

@@ -806,7 +806,7 @@ pcrbanks_algs_active(const TPML_PCR_SELECTION *pcrAllocated)
     for(i = 0; i < pcrAllocated->count; i++) {
         for (j = 0; j < pcrAllocated->pcrSelections[i].sizeofSelect; j++) {
             if (pcrAllocated->pcrSelections[i].pcrSelect[j]) {
-                algs_active |= 1 << pcrAllocated->pcrSelections[i].hash;
+                algs_active |= ((UINT64)1 << pcrAllocated->pcrSelections[i].hash);
                 break;
             }
         }
@@ -4488,9 +4488,8 @@ USER_NVRAM_Display(const char *msg)
             fprintf(stderr, " (NV_INDEX)  ");
             /* NV_INDEX has the index again at offset 0! */
             NvReadNvIndexInfo(entryRef + offset, &nvi);
-            offset += sizeof(nvi);
             datasize = entrysize - sizeof(UINT32) - sizeof(nvi);
-            fprintf(stderr, " datasize: %u\n",datasize);
+            fprintf(stderr, " datasize: %u\n", datasize);
             break;
         break;
         case TPM_HT_PERSISTENT:

src/tpm2/SessionProcess.c

@@ -1422,6 +1422,8 @@ ParseSessionBuffer(
 		    // Note: for all the TPM 2.0 commands, handles requiring
 		    // authorization come first in a command input and there are only ever
 		    // two values requiring authorization
+		    if(command->sessionNum == 0)		// libtpms added begin (Coverity 1550499)
+		        return TPM_RC_AUTH_MISSING;		// libtpms added end
 		    if(i > (command->sessionNum - 1))
 			return TPM_RC_AUTH_MISSING;
 		    // Record the handle associated with the authorization session

src/tpm2/Unmarshal.c

@@ -1621,6 +1621,7 @@ TPMU_HA_Unmarshal(TPMU_HA *target, BYTE **buffer, INT32 *size, UINT32 selector)
 TPM_RC
 TPMT_HA_Unmarshal(TPMT_HA *target, BYTE **buffer, INT32 *size, BOOL allowNull)
 {
+    TPMT_HA orig_target = *target;			// libtpms added
     TPM_RC rc = TPM_RC_SUCCESS;
 
     if (rc == TPM_RC_SUCCESS) {
@@ -1629,6 +1630,9 @@ TPMT_HA_Unmarshal(TPMT_HA *target, BYTE **buffer, INT32 *size, BOOL allowNull)
     if (rc == TPM_RC_SUCCESS) {
 	rc = TPMU_HA_Unmarshal(&target->digest, buffer, size, target->hashAlg);
     }
+    if (rc != TPM_RC_SUCCESS) {				// libtpms added begin
+	*target = orig_target;
+    }							// libtpms added end
     return rc;
 }
 
@@ -2891,6 +2895,7 @@ TPM2B_SENSITIVE_DATA_Unmarshal(TPM2B_SENSITIVE_DATA *target, BYTE **buffer, INT3
 TPM_RC
 TPMS_SENSITIVE_CREATE_Unmarshal(TPMS_SENSITIVE_CREATE *target, BYTE **buffer, INT32 *size)
 {
+    TPMS_SENSITIVE_CREATE orig_target = *target;	// libtpms added
     TPM_RC rc = TPM_RC_SUCCESS;
 
     if (rc == TPM_RC_SUCCESS) {
@@ -2899,6 +2904,9 @@ TPMS_SENSITIVE_CREATE_Unmarshal(TPMS_SENSITIVE_CREATE *target, BYTE **buffer, IN
     if (rc == TPM_RC_SUCCESS) {
 	rc = TPM2B_SENSITIVE_DATA_Unmarshal(&target->data, buffer, size);
     }
+    if (rc != TPM_RC_SUCCESS) {				// libtpms added begin
+	*target = orig_target;
+    }							// libtpms added end
     return rc;
 }
 
@@ -3199,6 +3207,7 @@ TPMU_SIG_SCHEME_Unmarshal(TPMU_SIG_SCHEME *target, BYTE **buffer, INT32 *size, U
 TPM_RC
 TPMT_SIG_SCHEME_Unmarshal(TPMT_SIG_SCHEME *target, BYTE **buffer, INT32 *size, BOOL allowNull)
 {
+    TPMT_SIG_SCHEME orig_target = *target;		// libtpms added
     TPM_RC rc = TPM_RC_SUCCESS;
 
     if (rc == TPM_RC_SUCCESS) {
@@ -3207,6 +3216,9 @@ TPMT_SIG_SCHEME_Unmarshal(TPMT_SIG_SCHEME *target, BYTE **buffer, INT32 *size, B
     if (rc == TPM_RC_SUCCESS) {
 	rc = TPMU_SIG_SCHEME_Unmarshal(&target->details, buffer, size, target->scheme);
     }
+    if (rc != TPM_RC_SUCCESS) {				// libtpms added begin
+	*target = orig_target;
+    }							// libtpms added end
     return rc;
 }
 
@@ -3661,6 +3673,7 @@ TPM2B_ECC_PARAMETER_Unmarshal(TPM2B_ECC_PARAMETER *target, BYTE **buffer, INT32
 TPM_RC
 TPMS_ECC_POINT_Unmarshal(TPMS_ECC_POINT *target, BYTE **buffer, INT32 *size)
 {
+    TPMS_ECC_POINT orig_target = *target;		// libtpms added
     TPM_RC rc = TPM_RC_SUCCESS;
 
     if (rc == TPM_RC_SUCCESS) {
@@ -3669,6 +3682,9 @@ TPMS_ECC_POINT_Unmarshal(TPMS_ECC_POINT *target, BYTE **buffer, INT32 *size)
     if (rc == TPM_RC_SUCCESS) {
 	rc = TPM2B_ECC_PARAMETER_Unmarshal(&target->y, buffer, size);
     }
+    if (rc != TPM_RC_SUCCESS) {				// libtpms added being
+	*target = orig_target;
+    }							// libtpms added end
     return rc;
 }
 
@@ -3801,6 +3817,7 @@ TPMI_ECC_CURVE_Unmarshal(TPMI_ECC_CURVE *target, BYTE **buffer, INT32 *size)
 TPM_RC
 TPMT_ECC_SCHEME_Unmarshal(TPMT_ECC_SCHEME *target, BYTE **buffer, INT32 *size, BOOL allowNull)
 {
+    TPMT_ECC_SCHEME orig_target = *target;		// libtpms added
     TPM_RC rc = TPM_RC_SUCCESS;
 
     if (rc == TPM_RC_SUCCESS) {
@@ -3809,6 +3826,9 @@ TPMT_ECC_SCHEME_Unmarshal(TPMT_ECC_SCHEME *target, BYTE **buffer, INT32 *size, B
     if (rc == TPM_RC_SUCCESS) {
 	rc = TPMU_ASYM_SCHEME_Unmarshal(&target->details, buffer, size, target->scheme);
     }
+    if (rc != TPM_RC_SUCCESS) {				// libtpms added begin
+	*target = orig_target;
+    }							// libtpms added end
     return rc;
 }
 
@@ -4107,6 +4127,7 @@ TPMS_RSA_PARMS_Unmarshal(TPMS_RSA_PARMS *target, BYTE **buffer, INT32 *size)
 TPM_RC
 TPMS_ECC_PARMS_Unmarshal(TPMS_ECC_PARMS *target, BYTE **buffer, INT32 *size)
 {
+    TPMS_ECC_PARMS orig_target = *target;		// libtpms added
     TPM_RC rc = TPM_RC_SUCCESS;
 
     if (rc == TPM_RC_SUCCESS) {
@@ -4121,6 +4142,9 @@ TPMS_ECC_PARMS_Unmarshal(TPMS_ECC_PARMS *target, BYTE **buffer, INT32 *size)
     if (rc == TPM_RC_SUCCESS) {
 	rc = TPMT_KDF_SCHEME_Unmarshal(&target->kdf, buffer, size, YES);
     }
+    if (rc != TPM_RC_SUCCESS) {				// libtpms added begin
+	*target = orig_target;
+    }							// libtpms added end
     return rc;
 }
 

src/tpm2/crypto/openssl/CryptPrimeSieve.c

@@ -215,6 +215,10 @@ FindNthSetBit(
     int          retValue;
     UINT32       sum = 0;
     BYTE         sel;
+
+    if (n < 1 || aSize < 1)			// libtpms added begin: Coverity 1550494
+        return -1;				// libtpms end
+
     //find the bit
     for(i = 0; (i < (int)aSize) && (sum < n); i++)
 	sum += BitsInByte(a[i]);

src/tpm_library.c

@@ -636,6 +636,8 @@ TPM_RESULT CopyCachedState(enum TPMLIB_StateType st,
     *is_empty_buffer = (*buflen == BUFLEN_EMPTY_BUFFER);
 
     if (cached_blobs[st].buffer) {
+        assert(*buflen != BUFLEN_EMPTY_BUFFER);
+
         *buffer = malloc(*buflen);
         if (!*buffer) {
             TPMLIB_LogError("Could not allocate %u bytes.\n", *buflen);