security/intel/txt: Avoid shifting by a negative value

Coverity detects an integer handling issue with BAD_SHIFT. The inline function log2_ceil(u32 x) { return (x == 0) ? -1 : log2(x * 2 - 1); } could return -1, which causes shifting by a negative amount value and has undefined behavior. Add sanity check for the acm_header->size to avoid shifting negative value. Found-by: Coverity CID 1431124 TEST=None Signed-off-by: John Zhao <john.zhao@intel.com> Change-Id: Ic687349b14917e39d2a8186968037ca2521c7cdc Reviewed-on: https://review.coreboot.org/c/coreboot/+/44186 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Tim Wawrzynczak <twawrzynczak@chromium.org> Reviewed-by: Angel Pons <th3fanbus@gmail.com>
author: John Zhao <john.zhao@intel.com> 2020-08-04 11:29:08 -0700
committer: Philipp Deppenwiese <zaolin.daisuki@gmail.com> 2020-08-06 11:52:21 +0000
commit: 536e9651edb1b05ff417f323b9cd7294cf20e692 (patch)
tree: 2d4c067a53388a01269c2ef1a69e0be83b464492 /src/security
parent: fc24da940dfe3d02c49d0612c5ac42a2cea1590f (diff)
1 files changed, 3 insertions, 0 deletions
diff --git a/src/security/intel/txt/common.c b/src/security/intel/txt/common.c
index d3e18376a5..f16bbea141 100644
--- a/src/security/intel/txt/common.c
+++ b/src/security/intel/txt/common.c
@@ -149,6 +149,9 @@ static int validate_acm(const void *ptr)
 	if (acm_header->module_vendor != INTEL_ACM_VENDOR)
 		return ACM_E_MODULE_VENDOR_NOT_INTEL;
 
+	if (acm_header->size == 0)
+		return ACM_E_SIZE_INCORRECT;
+
 	if (((acm_header->header_len + acm_header->scratch_size) * sizeof(uint32_t) +
 	    sizeof(struct acm_info_table)) > (acm_header->size & 0xffffff) * sizeof(uint32_t)) {
 		return ACM_E_SIZE_INCORRECT;
author	John Zhao <john.zhao@intel.com>	2020-08-04 11:29:08 -0700
committer	Philipp Deppenwiese <zaolin.daisuki@gmail.com>	2020-08-06 11:52:21 +0000
commit	536e9651edb1b05ff417f323b9cd7294cf20e692 (patch)
tree	2d4c067a53388a01269c2ef1a69e0be83b464492 /src/security
parent	fc24da940dfe3d02c49d0612c5ac42a2cea1590f (diff)