From 9685ea263f994537430323fb1681b210395eee7c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=D0=94=D0=B8=D0=BB=D1=8F=D0=BD=20=D0=9F=D0=B0=D0=BB=D0=B0?=
 =?UTF-8?q?=D1=83=D0=B7=D0=BE=D0=B2?= <git-dpa@aegee.org>
Date: Tue, 2 Apr 2019 16:18:32 +0000
Subject: [PATCH] lib/tpm2_util.c:string_to_uint32: ensure the string does not
 overflow in uint32
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Before this change input of "4294967295" generated output of 4294967295, which
is UINT32_MAX = 2**32 - 1.  But input "4294967296" created output of 0.  The
function is supposed to fail if the number is too big, rather than silently
convert unsigned long int to uint32_t, ignoring some bits.

Signed-Off-By: Дилян Палаузов <git-dpa@aegee.org>
---
 lib/tpm2_util.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/lib/tpm2_util.c b/lib/tpm2_util.c
index edfda4a8b0b..ca9d8b7f4d7 100644
--- a/lib/tpm2_util.c
+++ b/lib/tpm2_util.c
@@ -236,8 +236,8 @@ bool tpm2_util_string_to_uint32(const char *str, uint32_t *value) {
 
     /* clear errno before the call, should be 0 afterwards */
     errno = 0;
-    uint32_t tmp = strtoul(str, &endptr, 0);
-    if (errno) {
+    unsigned long int tmp = strtoul(str, &endptr, 0);
+    if (errno || tmp > UINT32_MAX) {
         return false;
     }
 
@@ -250,7 +250,7 @@ bool tpm2_util_string_to_uint32(const char *str, uint32_t *value) {
         return false;
     }
 
-    *value = tmp;
+    *value = (uint32_t) tmp;
     return true;
 }
 
-- 
2.21.0