When calculating what size to use as max size for the SensitiveData buffer the following expression is used ::std::mem::size_of::<TPM2B_SENSITIVE_DATA>(). This is incorrect this will include the size value (an u16 value) when calculating the maximum size of the buffer. Which in turn means it would be possible to create a structure that contains more data then is allowed.
The following test shows the issue:
#[test]
fn test_conversion_from_max_size_buffer() {
let data = vec![1u8; SensitiveData::MAX_SIZE];
let sensitive_data = SensitiveData::try_from(data)
.expect("It should be possible to convert maximum amount of data into SensitiveData.");
TPM2B_SENSITIVE_DATA::try_from(sensitive_data)
.expect("It should be possible to valid convert SensitiveData into TPM2B_SENSITIVE_DATA.");
}
That test will create the following error:
running 1 test
thread 'structures_tests::buffers_tests::sensitive_create_buffer_tests::test_conversion_from_max_size_buffer' panicked at tss-esapi/src/structures/buffers.rs:357:5:
range end index 258 out of range for slice of length 256
When calculating what size to use as max size for the SensitiveData buffer the following expression is used
::std::mem::size_of::<TPM2B_SENSITIVE_DATA>(). This is incorrect this will include the size value (an u16 value) when calculating the maximum size of the buffer. Which in turn means it would be possible to create a structure that contains more data then is allowed.The following test shows the issue:
That test will create the following error: