Fix buffer overflow in secure state verification

Now let's not worry about who put it there; the important part is that it is fixed. (cherry picked from commit 0c9cb66d262568f076a0ec1806e5edc56c6e38a5)

Fix buffer overflow in secure state verification
Now let's not worry about who put it there; the important part is that it is fixed. (cherry picked from commit 0c9cb66d262568f076a0ec1806e5edc56c6e38a5)
0c84b674 · Cody Cutler · Mike Hibler · e16f4a1f · 0c84b674
Commit 0c84b674 authored Aug 21, 2012 by Cody Cutler Committed by Mike Hibler Aug 21, 2012
--- a/tmcd/tmcd.c
+++ b/tmcd/tmcd.c
@@ -5197,7 +5197,7 @@ COMMAND_PROTOTYPE(dosecurestate)
        char            quote[1024];
        char            pcomp[1024];
        unsigned char   quote_bin[256];
-        unsigned char   pcomp_bin[128];
+        unsigned char   pcomp_bin[512];
 	ssize_t		pcomplen, quotelen;
        int             quote_passed;
        char            result[16];
@@ -5256,6 +5256,13 @@ COMMAND_PROTOTYPE(dosecurestate)
 		return 1;
 	}
        pcomplen = strlen(pcomp)/2;
+
+	if (pcomplen > sizeof(pcomp_bin)) {
+		error("SECURESTATE: %s: pcomp is too big (%zd)\n",
+		    reqp->nodeid, pcomplen);
+		return 1;
+	}
+
        for (i = 0; i < pcomplen; i++) {
 		if (!ishex(pcomp[i * 2]) || !ishex(pcomp[i * 2 + 1])) {
 			error("Error parsing pcomp\n");