Peer review fixes

dgarske · dgarske · commit 1f93736b9163 · 2026-04-17T09:10:56.000-07:00
diff --git a/src/fwtpm/fwtpm_command.c b/src/fwtpm/fwtpm_command.c
@@ -7340,9 +7340,9 @@ static TPM_RC FwCmd_StartAuthSession(FWTPM_CTX* ctx, TPM2_Packet* cmd,
                 }
             }
             if (bindAuth.size > sizeof(bindAuth.buffer)) {
-                bindAuth.size = (UINT16)sizeof(bindAuth.buffer);
+                rc = TPM_RC_FAILURE;
             }
-            if (bindAuth.size > 0) {
+            if (rc == 0 && bindAuth.size > 0) {
                 if (keyInSz + bindAuth.size <= (int)sizeof(keyIn)) {
                     XMEMCPY(keyIn + keyInSz, bindAuth.buffer, bindAuth.size);
                     keyInSz += bindAuth.size;
@@ -11115,30 +11115,41 @@ static TPM_RC FwCmd_Quote(FWTPM_CTX* ctx, TPM2_Packet* cmd,
                 rc = TPM_RC_FAILURE;
             }
             if (rc == 0) {
-                for (s = 0; s < numSel; s++) {
+                for (s = 0; s < numSel && rc == 0; s++) {
                     int bank = FwGetPcrBankIndex(selections[s].hashAlg);
                     int bankDSz = TPM2_GetHashDigestSize(
                         selections[s].hashAlg);
                     UINT32 j;
                     if (bank < 0 || bankDSz == 0)
                         continue;
-                    for (j = 0; j < selections[s].sizeOfSelect; j++) {
+                    for (j = 0; j < selections[s].sizeOfSelect &&
+                            rc == 0; j++) {
                         int pcr;
                         for (pcr = 0; pcr < 8; pcr++) {
                             if (selections[s].pcrSelect[j] & (1 << pcr)) {
                                 int pcrIdx = j * 8 + pcr;
                                 if (pcrIdx < IMPLEMENTATION_PCR) {
-                                    wc_HashUpdate(hashCtx, wcH,
-                                        ctx->pcrDigest[pcrIdx][bank],
-                                        bankDSz);
+                                    if (wc_HashUpdate(hashCtx, wcH,
+                                            ctx->pcrDigest[pcrIdx][bank],
+                                            bankDSz) != 0) {
+                                        rc = TPM_RC_FAILURE;
+                                        break;
+                                    }
                                 }
                             }
                         }
                     }
                 }
-                wc_HashFinal(hashCtx, wcH, pcrDigestBuf);
+                if (rc == 0) {
+                    if (wc_HashFinal(hashCtx, wcH,
+                            pcrDigestBuf) != 0) {
+                        rc = TPM_RC_FAILURE;
+                    }
+                    else {
+                        pcrDigestSz = dSz;
+                    }
+                }
                 wc_HashFree(hashCtx, wcH);
-                pcrDigestSz = dSz;
             }
         }
         TPM2_Packet_AppendU16(&attestPkt, (UINT16)pcrDigestSz);
