security/intel/txt: Avoid shifting by a negative value

Coverity detects an integer handling issue with BAD_SHIFT. The inline
function log2_ceil(u32 x) { return (x == 0) ? -1 : log2(x * 2 - 1); }
could return -1, which causes shifting by a negative amount and
has undefined behavior. Add a sanity check for acm_header->size to
avoid shifting by a negative value.

Found-by: Coverity CID 1431124
TEST=None

Signed-off-by: John Zhao <john.zhao@intel.com>
Change-Id: Ic687349b14917e39d2a8186968037ca2521c7cdc
Reviewed-on: https://review.coreboot.org/c/coreboot/+/44186
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Tim Wawrzynczak <twawrzynczak@chromium.org>
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
John Zhao 2020-08-04 11:29:08 -07:00 committed by Philipp Deppenwiese
parent fc24da940d
commit 536e9651ed
1 changed files with 3 additions and 0 deletions

@ -149,6 +149,9 @@ static int validate_acm(const void *ptr)
if (acm_header->module_vendor != INTEL_ACM_VENDOR) if (acm_header->module_vendor != INTEL_ACM_VENDOR)
return ACM_E_MODULE_VENDOR_NOT_INTEL; return ACM_E_MODULE_VENDOR_NOT_INTEL;
if (acm_header->size == 0)
return ACM_E_SIZE_INCORRECT;
if (((acm_header->header_len + acm_header->scratch_size) * sizeof(uint32_t) + if (((acm_header->header_len + acm_header->scratch_size) * sizeof(uint32_t) +
sizeof(struct acm_info_table)) > (acm_header->size & 0xffffff) * sizeof(uint32_t)) { sizeof(struct acm_info_table)) > (acm_header->size & 0xffffff) * sizeof(uint32_t)) {
return ACM_E_SIZE_INCORRECT; return ACM_E_SIZE_INCORRECT;
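Review bot: the added `if (acm_header->size == 0)` test checks the raw field, while the size comparison directly below it uses `acm_header->size & 0xffffff`. A value with only the upper eight bits set passes the new test yet masks to zero, so if the log2_ceil() argument named in the commit message is derived from the masked size, the check should be `(acm_header->size & 0xffffff) == 0` instead. The shift itself is outside this hunk, so a one-line comment here naming the later expression this check protects would help the next reader, and with TEST=None a note on how the zero-size path was exercised would be welcome.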