ACK: [PATCH] tpmevlog: Correct boundary checking for PCR4 event check
ivanhu
ivan.hu at canonical.com
Mon Sep 18 09:00:41 UTC 2023
Thanks Mario,
Acked-by: Ivan Hu <ivan.hu at canonical.com>
On 9/15/23 12:20, Mario Limonciello wrote:
> The boundary checking verifies, for PCR 4 and `EV_EFI_BOOT_SERVICES_APPLICATION`,
> that the size is greater than `uefi_image_load_event`.
>
> This test fails when loading a PE binary for a kernel image which is exactly
> the size of `uefi_image_load_event`.
>
> Furthermore, a kernel image may not have a device path specified, so don't
> bail if that's zero size.
>
> Signed-off-by: Mario Limonciello <mario.limonciello at amd.com>
> ---
> src/tpm/tpmevlog/tpmevlog.c | 5 +++--
> 1 file changed, 3 insertions(+), 2 deletions(-)
>
> diff --git a/src/tpm/tpmevlog/tpmevlog.c b/src/tpm/tpmevlog/tpmevlog.c
> index 96f71ffe..794b47ca 100644
> --- a/src/tpm/tpmevlog/tpmevlog.c
> +++ b/src/tpm/tpmevlog/tpmevlog.c
> @@ -161,7 +161,7 @@ static int tpmevlog_pcr_type_event_check(
> uefi_image_load_event *ev_image_load = (uefi_image_load_event *)event;
>
> if (pcr == 4 && event_type == EV_EFI_BOOT_SERVICES_APPLICATION) {
> - if (event_size <= sizeof(uefi_image_load_event)) {
> + if (event_size < sizeof(uefi_image_load_event)) {
> fwts_failed(fw, LOG_LEVEL_HIGH, "ImageLoadEventLength",
> "The length of the event is %" PRIu32 " which"
> " is smaller than the UEFI Image Load Event "
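
Review bot: the relaxed comparison `event_size < sizeof(uefi_image_load_event)` needs a short comment saying why an event exactly the size of the structure is valid (per the commit message, a kernel image loaded with no device path). Without it the change reads like an arbitrary off-by-one adjustment and is easy to revert by mistake. The failure text "is smaller than the UEFI Image Load Event" now matches the condition, so the message itself can stay.
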
> @@ -171,7 +171,8 @@ static int tpmevlog_pcr_type_event_check(
> event_size);
> return FWTS_ERROR;
> }
> - if (ev_image_load->length_of_device_path <= sizeof(fwts_uefi_dev_path)) {
> + if (ev_image_load->length_of_device_path &&
> + ev_image_load->length_of_device_path <= sizeof(fwts_uefi_dev_path)) {
> fwts_failed(fw, LOG_LEVEL_HIGH, "ImageLoadDevicePathLength",
> "The length of the device path is %" PRIu64
> " is smaller than DevicePath of PE/COFF image "
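
Review bot: the non-zero branch of the new condition still compares with `<=` against `sizeof(fwts_uefi_dev_path)`, so a device path whose length equals that size is reported as ImageLoadDevicePathLength although the message says "is smaller than". The first hunk relaxed exactly this pattern, so either use `<` here as well or state in a comment why equality is invalid. Separately, nothing in the visible lines checks that `length_of_device_path` fits in the `event_size - sizeof(uefi_image_load_event)` bytes that remain in the event; an upper-bound check at this point would flag a log entry whose declared path length runs past the end of the event. The message also reads "The length of the device path is ... is smaller than", which has one "is" too many.
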