Check enough data available to read

2 files changed, 52 insertions, 9 deletions

diff --git a/src/libpts/tcg/tcg_pts_attr_simple_comp_evid.c b/src/libpts/tcg/tcg_pts_attr_simple_comp_evid.c
index a8c07415a..96c01270c 100644
--- a/src/libpts/tcg/tcg_pts_attr_simple_comp_evid.c
+++ b/src/libpts/tcg/tcg_pts_attr_simple_comp_evid.c
@@ -305,6 +305,7 @@ METHOD(pa_tnc_attr_t, process, status_t,
 	chunk_t measurement, utc_time, policy_uri, pcr_before, pcr_after;
 	time_t measurement_time;
 	bool has_pcr_info = FALSE, has_validation = FALSE;
+	status_t status = FAILED;
 
 	if (this->value.len < PTS_SIMPLE_COMP_EVID_SIZE)
 	{
@@ -349,17 +350,42 @@ METHOD(pa_tnc_attr_t, process, status_t,
 	if (validation == PTS_COMP_EVID_VALIDATION_FAILED ||
 		validation == PTS_COMP_EVID_VALIDATION_PASSED)
 	{
-		reader->read_uint16(reader, &len);
-		reader->read_data(reader, len, &policy_uri);
+		if (!reader->read_uint16(reader, &len))
+		{
+			DBG1(DBG_TNC, "insufficient data for PTS Simple Component Evidence "
+						  "Verification Policy URI Lenght");
+			goto end;
+		}
+		if (!reader->read_data(reader, len, &policy_uri))
+		{
+			DBG1(DBG_TNC, "insufficient data for PTS Simple Component Evidence "
+						  "Verification Policy URI");
+			goto end;
+		}
 		has_validation = TRUE;
 	}
 	
 	/*  Are optional PCR value fields included? */
 	if (flags & PTS_SIMPLE_COMP_EVID_FLAG_PCR)
 	{
-		reader->read_uint16(reader, &len);
-		reader->read_data(reader, len, &pcr_before);
-		reader->read_data(reader, len, &pcr_after);
+		if (!reader->read_uint16(reader, &len))
+		{
+			DBG1(DBG_TNC, "insufficient data for PTS Simple Component Evidence "
+						  "PCR Value length");
+			goto end;
+		}
+		if (!reader->read_data(reader, len, &pcr_before))
+		{
+			DBG1(DBG_TNC, "insufficient data for PTS Simple Component Evidence "
+						  "PCR Before Value");
+			goto end;
+		}
+		if (!reader->read_data(reader, len, &pcr_after))
+		{
+			DBG1(DBG_TNC, "insufficient data for PTS Simple Component Evidence "
+						  "PCR After Value");
+			goto end;
+		}
 		has_pcr_info = TRUE;
 	}
 
@@ -390,6 +416,10 @@ METHOD(pa_tnc_attr_t, process, status_t,
 	}
 
 	return SUCCESS;
+
+end:
+	reader->destroy(reader);
+	return status;
 }
 
 METHOD(pa_tnc_attr_t, destroy, void,
diff --git a/src/libpts/tcg/tcg_pts_attr_simple_evid_final.c b/src/libpts/tcg/tcg_pts_attr_simple_evid_final.c
index e610da35c..7e3dcd0e5 100644
--- a/src/libpts/tcg/tcg_pts_attr_simple_evid_final.c
+++ b/src/libpts/tcg/tcg_pts_attr_simple_evid_final.c
@@ -198,7 +198,7 @@ METHOD(pa_tnc_attr_t, process, status_t,
 	u_int8_t flags, reserved;
 	u_int16_t algorithm;
 	u_int32_t pcr_comp_len, tpm_quote_sig_len, evid_sig_len;
-		
+	status_t status = FAILED;
 	
 	if (this->value.len < PTS_SIMPLE_EVID_FINAL_SIZE)
 	{
@@ -237,9 +237,18 @@ METHOD(pa_tnc_attr_t, process, status_t,
 		reader->read_data(reader, pcr_comp_len, &this->pcr_comp);
 		this->pcr_comp = chunk_clone(this->pcr_comp);
 		
-		/* TODO check if enough message data is available */
-		reader->read_uint32(reader, &tpm_quote_sig_len);
-		reader->read_data(reader, tpm_quote_sig_len, &this->tpm_quote_sig);
+		if (!reader->read_uint32(reader, &tpm_quote_sig_len))
+		{
+			DBG1(DBG_TNC, "insufficient data for PTS Simple Evidence Final "
+						  "TPM Quote Singature Lenght");
+			goto end;
+		}
+		if (!reader->read_data(reader, tpm_quote_sig_len, &this->tpm_quote_sig))
+		{
+			DBG1(DBG_TNC, "insufficient data for PTS Simple Evidence Final "
+						  "TPM Quote Singature");
+			goto end;
+		}
 		this->tpm_quote_sig = chunk_clone(this->tpm_quote_sig);
 	}
 	
@@ -253,6 +262,10 @@ METHOD(pa_tnc_attr_t, process, status_t,
 	
 	reader->destroy(reader);
 	return SUCCESS;
+
+end:
+	reader->destroy(reader);
+	return status;
 }
 
 METHOD(tcg_pts_attr_simple_evid_final_t, get_quote_info, u_int8_t,