diff --git a/test/unit/test_tpm2_auth_util.c b/test/unit/test_tpm2_auth_util.c index d88e42bab..c2e074817 100644 --- a/test/unit/test_tpm2_auth_util.c +++ b/test/unit/test_tpm2_auth_util.c @@ -308,6 +308,7 @@ static int setup(void **state) { ESYS_CONTEXT *ectx; size_t size = sizeof(TSS2_TCTI_CONTEXT_FAKE); TSS2_TCTI_CONTEXT *tcti = malloc(size); + assert_non_null(tcti); rc = tcti_fake_initialize(tcti, &size); if (rc) { diff --git a/test/unit/test_tpm2_session.c b/test/unit/test_tpm2_session.c index dccb87f0a..128515697 100644 --- a/test/unit/test_tpm2_session.c +++ b/test/unit/test_tpm2_session.c @@ -77,6 +77,7 @@ TSS2_RC __wrap_Esys_TR_GetName(ESYS_CONTEXT *esysContext, ESYS_TR handle, UNUSED(handle); *name = malloc(sizeof(TPM2B_NAME)); + assert_non_null(*name); size_t offset = 0; TSS2_RC rc = Tss2_MU_TPM2_HANDLE_Marshal(SESSION_HANDLE, &(*name)->name[0], sizeof(TPM2_HANDLE), &offset); diff --git a/tools/tpm2_duplicate.c b/tools/tpm2_duplicate.c index f91d79c58..d8aea38a8 100644 --- a/tools/tpm2_duplicate.c +++ b/tools/tpm2_duplicate.c @@ -179,6 +179,11 @@ static tool_rc openssl_create_duplicate(void) { encrypted_duplicate_sensitive.size); ctx.out_private_data = malloc(private.size + sizeof(private.size)); + if (!ctx.out_private_data) { + LOG_ERR("oom"); + rc = tool_rc_general_error; + goto out; + } memcpy(ctx.out_private_data, &private, private.size + sizeof(private.size)); out: @@ -231,6 +236,10 @@ static tool_rc process_openssl_duplicate(void) { ctx.out_sym_seed = malloc(encrypted_seed.size + sizeof(encrypted_seed.size)); + if (!ctx.out_sym_seed) { + LOG_ERR("oom"); + return tool_rc_general_error; + } memcpy(ctx.out_sym_seed, &encrypted_seed, encrypted_seed.size + sizeof(encrypted_seed.size)); diff --git a/tools/tpm2_encryptdecrypt.c b/tools/tpm2_encryptdecrypt.c index 68454a6a7..deb0fe63c 100644 --- a/tools/tpm2_encryptdecrypt.c +++ b/tools/tpm2_encryptdecrypt.c @@ -375,6 +375,10 @@ static tool_rc process_inputs(ESYS_CONTEXT *ectx, tpm2_option_flags flags) { ctx.iv_in = 0; } else { ctx.iv_in = malloc(iv_start.size + sizeof(iv_start)); + if (!ctx.iv_in) { + LOG_ERR("oom"); + return tool_rc_general_error; + } ctx.iv_in->size = iv_start.size; memcpy(ctx.iv_in->buffer, &iv_start.buffer, iv_start.size); } diff --git a/tools/tpm2_getekcertificate.c b/tools/tpm2_getekcertificate.c index fd359369d..c64066fb3 100644 --- a/tools/tpm2_getekcertificate.c +++ b/tools/tpm2_getekcertificate.c @@ -426,6 +426,10 @@ static char *encode_ek_public_amd(void) { return NULL; } char *hash_str = malloc(AMD_EK_URI_LEN * 2 + NULL_TERM_LEN); + if (!hash_str) { + LOG_ERR("oom"); + return NULL; + } for (size_t i = 0; i < AMD_EK_URI_LEN; i++) { sprintf((char*)(hash_str + (i*2)), "%02x", hash[i]); @@ -1137,6 +1141,10 @@ static tool_rc process_input(ESYS_CONTEXT *ectx) { if (ctx.ek_path) { ctx.out_public = malloc(sizeof(*ctx.out_public)); + if (!ctx.out_public) { + LOG_ERR("oom"); + return tool_rc_general_error; + } ctx.out_public->size = 0; bool res = files_load_public(ctx.ek_path, ctx.out_public); if (!res) { diff --git a/tools/tpm2_nvreadpublic.c b/tools/tpm2_nvreadpublic.c index b39d1ac7c..597ff6d17 100644 --- a/tools/tpm2_nvreadpublic.c +++ b/tools/tpm2_nvreadpublic.c @@ -243,6 +243,10 @@ static tool_rc process_inputs(ESYS_CONTEXT *ectx) { */ if (!ctx.is_command_dispatch) { ctx.nv_public_list[0] = malloc(sizeof(TPM2B_NV_PUBLIC)); + if (!ctx.nv_public_list[0]) { + LOG_ERR("oom"); + return tool_rc_general_error; + } } /* diff --git a/tools/tpm2_verifysignature.c b/tools/tpm2_verifysignature.c index 240165d63..5f7c3e968 100644 --- a/tools/tpm2_verifysignature.c +++ b/tools/tpm2_verifysignature.c @@ -196,6 +196,10 @@ static bool on_option(char key, char *value) { break; case 'd': { ctx.msg_hash = malloc(sizeof(TPM2B_DIGEST)); + if (!ctx.msg_hash) { + LOG_ERR("oom"); + return false; + } ctx.msg_hash->size = sizeof(ctx.msg_hash->buffer); if (!files_load_bytes_from_path(value, ctx.msg_hash->buffer, &ctx.msg_hash->size)) {