tpm2_util: fix buffer overflow in string validation checks#3563

Merged
JuergenReppSIT merged 1 commit into tpm2-software:master from hyperfinitism:fix/overflow-pemkey on Mar 4, 2026

Conversation

@hyperfinitism
Contributor

The strlen() validation checks in tpm2_pem_encoded_key_to_fingerprint() used > 1024 instead of >= 1024, which allowed strings of exactly 1024 characters to pass validation and be copied into 1024-byte stack buffers. Since strcpy() also writes the null terminator, a 1024-character input causes 1025 bytes to be written, overflowing the buffer by one byte.

The same off-by-one existed in two places within the function:

  • The initial PEM string length check against str[1024]
  • The per-line base64 accumulation check against base64[1024]

Current exploitability

In the existing call path, pem_encoded_key is the PEM-encoded public key supplied by the FAPI auth callback (tss2_template.c). All key types currently supported by FAPI (P-256, P-384, P-521, RSA-2048/3072/4096) produce PEM public keys well below 1024 bytes in length, so the overflow cannot be triggered in practice with standard inputs.

Nonetheless, the validation logic is incorrect as written. This fix closes the gap to prevent the issue from becoming exploitable if the function is called with a larger key in the future, or if it is reached through a different code path.

Changes

  • Change > 1024 to >= 1024 in both length checks so that an input of exactly 1024 characters (+ null termination) is correctly rejected
  • Replace strcpy with strncpy + explicit null termination as defence-in-depth, ensuring no overflow occurs even if the length guard were somehow bypassed

Signed-off-by: Takuma IMAMURA <209989118+hyperfinitism@users.noreply.github.com>
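The off-by-one the PR describes, worked through as an added example (this is not tpm2-tools code and the function names guard_accepts, pem_copy_checked, base64_append_line and make_string are hypothetical): the old guard `len > 1024` lets a 1024-character string through, strcpy() then writes 1025 bytes into a 1024-byte buffer; the corrected guard `len >= 1024` rejects it, and strncpy with an explicit terminator bounds the write even if the guard is bypassed. The second function applies the same corrected arithmetic to per-line base64 accumulation. Inputs are constructed strings of 'A', not real PEM keys, so the overflow is computed rather than performed.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Buffer size of str[] and base64[] as stated in the PR description. */
#define PEM_BUF 1024

/*
 * Length guard from the PR, with 'fixed' selecting the corrected comparison.
 * strcpy() into a PEM_BUF-byte buffer needs strlen(s) + 1 bytes, so the
 * largest safe strlen is PEM_BUF - 1; only '>=' rejects exactly PEM_BUF.
 */
static int guard_accepts(const char *s, int fixed)
{
    size_t len = strlen(s);
    return fixed ? !(len >= PEM_BUF) : !(len > PEM_BUF);
}

/* Bytes strcpy() would write for s, including the NUL terminator. */
static size_t strcpy_bytes(const char *s)
{
    return strlen(s) + 1;
}

/* 1 if the chosen guard admits an input that strcpy() would overflow with. */
static int guard_lets_overflow(const char *s, int fixed)
{
    return guard_accepts(s, fixed) && strcpy_bytes(s) > PEM_BUF;
}

/*
 * Hardened copy (hypothetical helper): corrected guard plus strncpy with an
 * explicit terminator, so dst[dst_size - 1] is never written past even if
 * the guard were skipped. Returns 0 on success, -1 if the input is rejected.
 */
static int pem_copy_checked(char *dst, size_t dst_size, const char *src)
{
    if (dst_size == 0 || strlen(src) >= dst_size)
        return -1;
    strncpy(dst, src, dst_size - 1);
    dst[dst_size - 1] = '\0';
    return 0;
}

/*
 * Per-line base64 accumulation with the corrected check: existing content
 * plus the new line plus the terminator must fit in acc_size.
 * Returns 0 on success, -1 if appending would not fit.
 */
static int base64_append_line(char *acc, size_t acc_size, const char *line)
{
    size_t have = strlen(acc), add = strlen(line);
    if (have + add >= acc_size)
        return -1;
    memcpy(acc + have, line, add + 1);  /* add + 1 also copies the NUL */
    return 0;
}

/* Constructed input: exactly n 'A' characters (not a real key). Caller frees. */
static char *make_string(size_t n)
{
    char *s = malloc(n + 1);
    if (!s)
        abort();
    memset(s, 'A', n);
    s[n] = '\0';
    return s;
}

int main(void)
{
    char *exact = make_string(PEM_BUF);      /* strlen == 1024: the bad case */
    char *under = make_string(PEM_BUF - 1);  /* strlen == 1023: largest safe */
    char buf[PEM_BUF];

    printf("len 1024: old guard accepts=%d overflow=%d | new guard accepts=%d\n",
           guard_accepts(exact, 0), guard_lets_overflow(exact, 0),
           guard_accepts(exact, 1));
    printf("len 1023 copy ok=%d, len 1024 copy rejected=%d\n",
           pem_copy_checked(buf, sizeof buf, under) == 0,
           pem_copy_checked(buf, sizeof buf, exact) != 0);

    /* 64-char lines: 15 fit (960 + NUL), the 16th would need byte 1025. */
    char acc[PEM_BUF] = "";
    char *line = make_string(64);
    int appended = 0;
    while (base64_append_line(acc, sizeof acc, line) == 0)
        appended++;
    printf("base64 lines accepted: %d\n", appended);

    free(exact);
    free(under);
    free(line);
    return 0;
}
```

Compile with `cc -Wall -fsanitize=address example.c`; the old guard reports accepts=1 overflow=1 for the 1024-character input while the new guard reports accepts=0, and the accumulator stops at 15 lines.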
@JuergenReppSIT JuergenReppSIT merged commit 17e4d6b into tpm2-software:master Mar 4, 2026
40 of 41 checks passed
@hyperfinitism hyperfinitism deleted the fix/overflow-pemkey branch March 4, 2026 10:51