From 6a01a97e1db21475ba1fc4d2aea9a4172fc6a078 Mon Sep 17 00:00:00 2001
From: Stefan Berger <stefanb@linux.ibm.com>
Date: Mon, 22 Jul 2024 14:55:06 -0400
Subject: [PATCH] swtpm: Check whether bufferSize parameter is too small
 (Coverity)

Check whether the bufferSize parameter is too small and an underflow of the
expression bufferSize - offset could theoretically occur. However, in
practice this will never happen since the caller will always provide a
bufferSize of around 4kb.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
---
 src/swtpm/swtpm_io.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/src/swtpm/swtpm_io.c b/src/swtpm/swtpm_io.c
index 8887831fb..73d10c361 100644
--- a/src/swtpm/swtpm_io.c
+++ b/src/swtpm/swtpm_io.c
@@ -99,6 +99,11 @@ TPM_RESULT SWTPM_IO_Read(TPM_CONNECTION_FD *connection_fd,   /* read/write file
         return TPM_IOERROR;
     }
 
+    if (bufferSize < sizeof(struct tpm_req_header)) {
+        TPM_DEBUG("SWTPM_IO_Read: Passed buffer is too small\n");
+        return TPM_IOERROR;
+    }
+
     while (true) {
         n = read(connection_fd->fd, &buffer[offset], bufferSize - offset);
         if (n < 0 && errno == EINTR)