Fix security vulnerabilities identified by Fenrir scanner #461
Merged
dgarske merged 1 commit into wolfSSL:master, Feb 25, 2026
Pull request overview
This PR addresses multiple security findings reported by the Fenrir scanner and a static analysis report across the TPM packet parsing, parameter encryption, Linux transport, ASN decoding, and wrapper memory-handling paths.
Changes:
- Adds bounds checks / clamping in several TPM response parsing routines to prevent OOB reads/writes and infinite loops.
- Hardens parameter encryption/decryption by validating key material sizes and force-zeroing sensitive stack buffers.
- Improves safety in wrapper cleanup/free paths (force-zero before free) and adds unit tests for NULL-argument handling.
Reviewed changes
Copilot reviewed 8 out of 8 changed files in this pull request and generated 4 comments.
| File | Description |
|---|---|
| tests/unit_tests.c | Adds unit tests for NULL argument handling in policy commands and NULL-safe wrapper free functions. |
| src/tpm2_wrap.c | Force-zeros heap-allocated key/session/template structures before free; fixes inputs to TPM2_ZGen_2Phase in ECDHE path. |
| src/tpm2_param_enc.c | Adds key-size validation to prevent buffer overflow; ensures sensitive buffers are force-zeroed on exit. |
| src/tpm2_packet.c | Adds guards for negative copy sizes and clamps parsed field sizes to destination buffers. |
| src/tpm2_linux.c | Fixes EOF detection logic in read() handling (ret == 0) and returns failure accordingly. |
| src/tpm2_cryptocb.c | Ensures BAD_FUNC_ARG is returned for invalid HMAC context regardless of DEBUG flags. |
| src/tpm2_asn.c | Adds an rc check before exponent parsing in RSA public key ASN decoder. |
| src/tpm2.c | Adds bounds checks on parsed counts/sizes, fixes handle count in TPM2_GetSessionAuditDigest, fixes PCR_Event loop termination, and adds NULL checks for select policy commands. |
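
An added example, not code from this pull request or from wolfTPM: a sketch of the clamping and force-zeroing pattern the review summary describes, for a field encoded as a 16-bit big-endian size followed by data. The names `pkt_t`, `parse_sized_field`, `force_zero` and `demo`, and the sample bytes, are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical cursor over a received response (not a wolfTPM type). */
typedef struct { const uint8_t *buf; size_t pos, len; } pkt_t;

/* Zero through a volatile pointer so the stores are not optimized away. */
void force_zero(void *p, size_t n)
{
    volatile uint8_t *v = (volatile uint8_t *)p;
    while (n--) *v++ = 0;
}

/* Read a 16-bit big-endian size, then that many bytes, into dst.
 * Returns bytes stored, or -1 if the packet is truncated. An oversized
 * field is clamped to dst_cap and the excess skipped, so the cursor
 * stays aligned with the next field. */
int parse_sized_field(pkt_t *p, uint8_t *dst, size_t dst_cap)
{
    size_t wire, keep;

    if (p->pos > p->len || p->len - p->pos < 2)
        return -1;                          /* no room for the size field */
    wire = ((size_t)p->buf[p->pos] << 8) | p->buf[p->pos + 1];
    p->pos += 2;
    if (wire > p->len - p->pos)
        return -1;                          /* claims more than was received */
    keep = wire > dst_cap ? dst_cap : wire; /* clamp to destination buffer */
    memcpy(dst, p->buf + p->pos, keep);
    p->pos += wire;                         /* consume the full wire length */
    return (int)keep;
}

/* Constructed input: size field says 8, destination holds 4. */
static const uint8_t OVERSIZED[] = { 0x00,0x08, 1,2,3,4,5,6,7,8, 0xAA };
/* Constructed input: size field says 0x0100, only 2 bytes follow. */
static const uint8_t TRUNCATED[] = { 0x01,0x00, 9,9 };

/* Parse `raw` into a 4-byte buffer; report result and cursor position. */
int demo(const uint8_t *raw, size_t raw_len, size_t *pos_out)
{
    uint8_t key[4];
    pkt_t p = { raw, 0, raw_len };
    int n = parse_sized_field(&p, key, sizeof(key));
    force_zero(key, sizeof(key));           /* scrub before leaving scope */
    *pos_out = p.pos;
    return n;
}
```
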
dgarske previously approved these changes Feb 24, 2026
Pull request overview
Copilot reviewed 8 out of 8 changed files in this pull request and generated no new comments.
754a053 to e50586d
dgarske approved these changes Feb 25, 2026
No description provided.