Merge pull request #427 from dgarske/zd20237

Fix possible buffer overrun issues

Author: embhorn

.github/workflows/make-test-swtpm.yml

@@ -139,6 +139,16 @@ jobs:
     - name: make debug io
       run: make
 
+# build with clang address sanitizer
+    - name: configure clang asan
+      run: ./configure --enable-swtpm CC=clang CFLAGS="-fsanitize=address -fno-omit-frame-pointer -g"
+    - name: make clang asan
+      run: make
+    - name: make check clang asan
+      run: |
+        make check
+        ASAN_OPTIONS=detect_leaks=1:abort_on_error=1 WOLFSSL_PATH=./wolfssl ./examples/run_examples.sh
+
 # build pedantic
     - name: configure pedantic
       run: ./configure CFLAGS="-Wpedantic"
@@ -230,6 +240,16 @@ jobs:
         make check
         WOLFSSL_PATH=./wolfssl NO_PUBASPRIV=1 ./examples/run_examples.sh
 
+# test with symmetric encryption
+    - name: configure symmetric
+      run: ./configure --enable-swtpm CFLAGS="-DWOLFTPM_USE_SYMMETRIC"
+    - name: make symmetric
+      run: make
+    - name: make check symmetric
+      run: |
+        make check
+        WOLFSSL_PATH=./wolfssl ./examples/run_examples.sh
+
 # capture logs on failure
     - name: Upload failure logs
       if: failure()

src/tpm2.c

@@ -6328,6 +6328,9 @@ int TPM2_GetWolfRng(WC_RNG** rng)
             printf("wc_InitRng_ex failed %d: %s\n",
                 (int)rc, wc_GetErrorString(rc));
         #endif
+            if (rng) {
+                *rng = NULL;
+            }
             return rc;
         }
         ctx->rngInit = 1;