A few more minor Coverity fixes.

dgarske · dgarske · commit 5a70253d03ea · 2025-12-03T15:54:21.000-08:00
diff --git a/examples/attestation/make_credential.c b/examples/attestation/make_credential.c
@@ -99,6 +99,7 @@ int TPM2_MakeCredential_Example(void* userCtx, int argc, char *argv[])
     }
 
     XMEMSET(&primary, 0, sizeof(primary));
+    XMEMSET(&handle, 0, sizeof(handle));
 
     printf("Demo how to create a credential challenge for remote attestation\n");
     printf("Credential will be stored in %s\n", output);
diff --git a/examples/wrap/wrap_test.c b/examples/wrap/wrap_test.c
@@ -933,7 +933,6 @@ int TPM2_Wrapper_TestArgs(void* userCtx, int argc, char *argv[])
     }
     else if (WOLFTPM_IS_COMMAND_UNAVAILABLE(rc)) {
         printf("Encrypt/Decrypt: Is not a supported feature due to export controls\n");
-        rc = TPM_RC_SUCCESS; /* clear error code */
     }
     else {
         printf("Encrypt/Decrypt test failed, result not as expected!\n");
diff --git a/src/tpm2_wrap.c b/src/tpm2_wrap.c
@@ -1682,6 +1682,9 @@ int wolfTPM2_StartSession(WOLFTPM2_DEV* dev, WOLFTPM2_SESSION* session,
     /* key is bindAuthValue || salt */
     XMEMSET(&keyIn, 0, sizeof(keyIn));
     if (bind && bind->auth.size > 0) {
+        if (bind->auth.size > (UINT16)sizeof(bind->auth.buffer)) {
+            return BUFFER_E;
+        }
         if ((keyIn.size + bind->auth.size) > (UINT16)sizeof(keyIn.buffer)) {
             return BUFFER_E;
         }
@@ -1690,6 +1693,9 @@ int wolfTPM2_StartSession(WOLFTPM2_DEV* dev, WOLFTPM2_SESSION* session,
         keyIn.size += bind->auth.size;
     }
     if (session->salt.size > 0) {
+        if (session->salt.size > (UINT16)sizeof(session->salt.buffer)) {
+            return BUFFER_E;
+        }
         if ((keyIn.size + session->salt.size) > (UINT16)sizeof(keyIn.buffer)) {
             return BUFFER_E;
         }
@@ -3690,12 +3696,14 @@ int wolfTPM2_EccKey_TpmToWolf(WOLFTPM2_DEV* dev, WOLFTPM2_KEY* tpmKey,
 
     /* load public key */
     qxSz = tpmKey->pub.publicArea.unique.ecc.x.size;
-    if (qxSz > sizeof(qx)) {
+    if (qxSz > sizeof(qx) ||
+        qxSz > sizeof(tpmKey->pub.publicArea.unique.ecc.x.buffer)) {
         return BUFFER_E;
     }
     XMEMCPY(qx, tpmKey->pub.publicArea.unique.ecc.x.buffer, qxSz);
     qySz = tpmKey->pub.publicArea.unique.ecc.y.size;
-    if (qySz > sizeof(qy)) {
+    if (qySz > sizeof(qy) ||
+        qySz > sizeof(tpmKey->pub.publicArea.unique.ecc.y.buffer)) {
         return BUFFER_E;
     }
     XMEMCPY(qy, tpmKey->pub.publicArea.unique.ecc.y.buffer, qySz);

Original file line number	Diff line number	Diff line change
`@@ -99,6 +99,7 @@ int TPM2_MakeCredential_Example(void* userCtx, int argc, char *argv[])`
`99`	`99`	`}`
`100`	`100`
`101`	`101`	`XMEMSET(&primary, 0, sizeof(primary));`
	`102`	`+ XMEMSET(&handle, 0, sizeof(handle));`
`102`	`103`
`103`	`104`	`printf("Demo how to create a credential challenge for remote attestation\n");`
`104`	`105`	`printf("Credential will be stored in %s\n", output);`
Original file line number	Diff line number	Diff line change
`@@ -933,7 +933,6 @@ int TPM2_Wrapper_TestArgs(void* userCtx, int argc, char *argv[])`
`933`	`933`	`}`
`934`	`934`	`else if (WOLFTPM_IS_COMMAND_UNAVAILABLE(rc)) {`
`935`	`935`	`printf("Encrypt/Decrypt: Is not a supported feature due to export controls\n");`
`936`		`- rc = TPM_RC_SUCCESS; /* clear error code */`
`937`	`936`	`}`
`938`	`937`	`else {`
`939`	`938`	`printf("Encrypt/Decrypt test failed, result not as expected!\n");`