From c5254214b25084709212e3f4c53deda841851e45 Mon Sep 17 00:00:00 2001
From: Andreas Fuchs <andreas.fuchs@infineon.com>
Date: Tue, 10 Feb 2026 09:20:05 +0100
Subject: [PATCH] Allocate the right amount of memory for auth_policy

For some reason we did a malloc(UINT16_MAX+...) which is way to much for a policy.

Signed-off-by: Andreas Fuchs <andreas.fuchs@infineon.com>

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
---
 tools/tpm2_setprimarypolicy.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tools/tpm2_setprimarypolicy.c b/tools/tpm2_setprimarypolicy.c
index 4641d4b66..87d839369 100644
--- a/tools/tpm2_setprimarypolicy.c
+++ b/tools/tpm2_setprimarypolicy.c
@@ -106,7 +106,7 @@ static tool_rc process_inputs(ESYS_CONTEXT *ectx, tpm2_option_flags flags) {
      */
     if (ctx.policy_path) {
 
-        ctx.auth_policy = malloc(UINT16_MAX + sizeof(uint16_t));
+        ctx.auth_policy = malloc(sizeof(*ctx.auth_policy));
         if (!ctx.auth_policy) {
             LOG_ERR("oom");
             return tool_rc_general_error;