Fix bugs found by SAST

Resolves: RHEL-62754

Signed-off-by: Štěpán Horáček <shoracek@redhat.com>

sast.diff

@@ -0,0 +1,65 @@
+diff --git a/utils/imalib.c b/utils/imalib.c
+index 1910dcc..8d40fd2 100644
+--- a/utils/imalib.c
++++ b/utils/imalib.c
+@@ -2164,7 +2164,7 @@ static uint32_t IMA_ParseXATTRNAMES(ImaTemplateData	*imaTemplateData,
+ 	    imaTemplateData->imaTemplateXattrs.xattrNamesCount++;
+ 
+ 	    for (i = 1 ;
+-		 i < sizeof(((ImaTemplateData *)NULL)->imaTemplateXattrs.xattrNamesPtr) ; i++) {
++		 i < (sizeof(((ImaTemplateData *)NULL)->imaTemplateXattrs.xattrNamesPtr)) / sizeof(char *) ; i++) {
+ 		/* the | is a separator character */
+ 		imaTemplateData->imaTemplateXattrs.xattrNamesPtr[i] =
+ 		    strchr(imaTemplateData->imaTemplateXattrs.xattrNamesPtr[i-1], '|');
+diff --git a/utils/policymaker.c b/utils/policymaker.c
+index 7290ed7..f9c7212 100644
+--- a/utils/policymaker.c
++++ b/utils/policymaker.c
+@@ -185,10 +185,10 @@ int main(int argc, char *argv[])
+     }
+     if (rc == 0) {
+ 	sizeInBytes = TSS_GetDigestSize(digest.hashAlg);
++	memset((uint8_t *)&digest.digest, 0, sizeInBytes);
+ 	/* startauthsession sets session digest to zero */
+ 	if (!nz) {
+ 	    startSizeInBytes = sizeInBytes;
+-	    memset((uint8_t *)&digest.digest, 0, sizeInBytes);
+ 	}
+ 	else {	/* nz TRUE, start with empty buffer */
+ 	    startSizeInBytes = 0;
+diff --git a/utils/tpmproxy.c b/utils/tpmproxy.c
+index 1948121..15f980a 100644
+--- a/utils/tpmproxy.c
++++ b/utils/tpmproxy.c
+@@ -556,7 +556,7 @@ TPM_RC socketWrite(SOCKET_FD accept_fd,	/* read/write file descriptor */
+ 	}
+     }
+     while ((rc == 0) && (buffer_length > 0)) {
+-	nwritten = send(accept_fd, buffer, (int)buffer_length, 0);
++	nwritten = send(accept_fd, buffer, buffer_length, 0);
+ 	if ((nwritten == SOCKET_ERROR) ||
+ 	    (nwritten < 0)) {
+ 	    printf("socketWrite: Error, send()\n");
+diff --git a/utils/tsssocket.c b/utils/tsssocket.c
+index 24cc5fd..992f8c2 100644
+--- a/utils/tsssocket.c
++++ b/utils/tsssocket.c
+@@ -594,15 +594,15 @@ static uint32_t TSS_Socket_ReceiveBytes(TSS_SOCKET_FD sock_fd,
+ 					uint8_t *buffer,  
+ 					uint32_t nbytes)
+ {
+-    int nread = 0;
+-    int nleft = 0;
++    ssize_t nread = 0;
++    size_t nleft = 0;
+ 
+     nleft = nbytes;
+     while (nleft > 0) {
+ #ifdef TPM_POSIX
+ 	nread = read(sock_fd, buffer, nleft);
+ 	if (nread < 0) {       /* error */
+-	    if (tssVerbose)  printf("TSS_Socket_ReceiveBytes: read error %d\n", nread);
++	    if (tssVerbose)  printf("TSS_Socket_ReceiveBytes: read error %d\n", errno);
+ 	    return TSS_RC_BAD_CONNECTION;
+ 	}
+ #endif

tss2.spec

@@ -9,7 +9,7 @@ Name:           tss2
 # this is the release of the TSS library
 Version:        2.3.2
 # this is the release of the fedora package, goes back to 1 when version changes
-Release:        3%{?dist}
+Release:        4%{?dist}
 Epoch:          1
 Summary:        IBM's TCG Software Stack (TSS) for TPM 2.0 and related utilities
 
@@ -17,6 +17,8 @@ License:        BSD-3-Clause AND LicenseRef-TCGL
 URL:            http://sourceforge.net/projects/ibmtpm20tss/
 Source0:        https://sourceforge.net/projects/ibmtpm20tss/files/ibmtss%{version}.tar.gz
 
+Patch0: sast.diff
+
 BuildRequires:  automake
 BuildRequires:  autoconf
 BuildRequires:  libtool
@@ -79,6 +81,10 @@ find %{buildroot} -type f -name "*.la" -delete -print
 %doc ibmtss.docx
 
 %changelog
+* Mon Jan 20 2025 Štěpán Horáček <shoracek@redhat.com> - 1:2.3.2-4
+- Fix bugs found by SAST
+- Resolves: RHEL-62754
+
 * Tue Oct 29 2024 Troy Dawson <tdawson@redhat.com> - 1:2.3.2-3
 - Bump release for October 2024 mass rebuild:
   Resolves: RHEL-64018