From e2c529a86d6cabb0f2058e2be4cef9711477c98d Mon Sep 17 00:00:00 2001
From: Takuma IMAMURA <209989118+hyperfinitism@users.noreply.github.com>
Date: Sun, 1 Mar 2026 02:47:49 +0900
Subject: [PATCH] fix(tpm2_util): fix buffer overflow in string validation checks

Signed-off-by: Takuma IMAMURA <209989118+hyperfinitism@users.noreply.github.com>
---
 lib/tpm2_util.c | 10 ++++------
 1 file changed, 4 insertions(+), 6 deletions(-)

diff --git a/lib/tpm2_util.c b/lib/tpm2_util.c
index 962f297ae..4a79cfa3c 100644
--- a/lib/tpm2_util.c
+++ b/lib/tpm2_util.c
@@ -1027,22 +1027,20 @@ bool tpm2_safe_read_from_stdin(int length, char *data) {
 bool tpm2_pem_encoded_key_to_fingerprint(const char *pem_encoded_key, char *fingerprint) {
- bool is_pemkey_len_valid = strlen(pem_encoded_key) > 1024 ? false : true;
- if (!is_pemkey_len_valid) {
+ if (strlen(pem_encoded_key) >= 1024) {
 return false;
 }
 char str[1024] = "";
- strcpy(str, pem_encoded_key);
+ strncpy(str, pem_encoded_key, 1023);
+ str[1023] = '\0';
 /* walk through other tokens */
 char base64[1024] = "";
 char *token = strtok(str, "\n");
 while ( token != NULL ) {
 if (!strstr(token, "-----")) {
- bool is_base64_overrun = (strlen(base64) + strlen(token)) > 1024 ?
- true : false;
- if (is_base64_overrun) {
+ if ((strlen(base64) + strlen(token)) >= 1024) {
 return false;
 }
 strcat(base64, token);
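Review bot: The corrected limits are still the bare literals `1024` and `1023`, written apart from the `char str[1024]` and `char base64[1024]` arrays they guard, so resizing either array later would quietly reopen the stack overflow this patch closes. Declaring `str` above the first check and writing `if (strlen(pem_encoded_key) >= sizeof str)` and `if (strlen(base64) + strlen(token) >= sizeof base64)` ties each bound to its buffer. The diffstat shows only lib/tpm2_util.c changing, so a unit test feeding a 1023-byte and a 1024-byte key would pin the boundary on both checks. The function body continues past the end of the hunk, so how `base64` and `fingerprint` are used afterwards is not visible here.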