From 4050d845fdd3819708329a8b4f52eb2de485fbf4 Mon Sep 17 00:00:00 2001
From: William Roberts <william.c.roberts@intel.com>
Date: Tue, 30 Jan 2018 10:12:14 -0800
Subject: [PATCH] Limit selected PCRs to 8

When a PCR selection has more than 8 selections, the pcrSelections
array was being indexed past its end.

Fixes: #778

Signed-off-by: William Roberts <william.c.roberts@intel.com>
---
 lib/tpm2_policy.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/lib/tpm2_policy.c b/lib/tpm2_policy.c
index b1fc8182c..aff0a1724 100644
--- a/lib/tpm2_policy.c
+++ b/lib/tpm2_policy.c
@@ -58,6 +58,11 @@ static bool evaluate_populate_pcr_digests(TPML_PCR_SELECTION *pcr_selections,
             total_indices_for_this_alg += tpm2_util_pop_count(group_val);
         }
 
+        if(pcr_values->count + total_indices_for_this_alg > ARRAY_LEN(pcr_values->digests)) {
+            LOG_ERR("Number of PCR is limited to %zu", ARRAY_LEN(pcr_values->digests));
+            return false;
+        }
+
         //digest size returned per the hashAlg type
         unsigned dgst_size = tpm2_alg_util_get_hash_size(pcr_selections->pcrSelections[i].hash);
         if (!dgst_size) {