From 3d2bbe2f1947784506ba0a7f9e8ab81eefb69929 Mon Sep 17 00:00:00 2001
From: Ross Lagerwall <ross.lagerwall@citrix.com>
Date: Mon, 23 May 2022 14:16:57 +0100
Subject: [PATCH] tpm2: Fix size check in CryptSecretDecrypt

Check the secret size against the size of the buffer, not the size
member that has not been set yet.

Reported by Coverity.

Signed-off-by: Ross Lagerwall <ross.lagerwall@citrix.com>
---
 src/tpm2/CryptUtil.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/tpm2/CryptUtil.c b/src/tpm2/CryptUtil.c
index 9879f918acb6..002fde0987a9 100644
--- a/src/tpm2/CryptUtil.c
+++ b/src/tpm2/CryptUtil.c
@@ -732,7 +732,7 @@ CryptSecretDecrypt(
 					     nonceCaller->t.size);
 			      }
 			  // make sure secret will fit
-			  if(secret->t.size > data->t.size)
+			  if(secret->t.size > sizeof(data->t.buffer))
 			      return TPM_RC_FAILURE;
 			  data->t.size = secret->t.size;
 			  // CFB decrypt, using nonceCaller as iv
-- 
2.36.0.44.g0f828332d5ac