On Mon, 2019-04-01 at 11:52 -0700, Kees Cook wrote: > @@ -559,6 +559,9 @@ int tpm1_get_random(struct tpm_chip *chip, u8 > *dest, size_t max) > rc = total ? (int)total : -EIO; > out: > tpm_buf_destroy(&buf); > +fail: > + if (rc > 0) > + rc = -EIO; > return rc; > } No: same problem. If we're successful rc is set to total (a positive integer) so as it falls through to fail: it's converted to -EIO which means we never return success. James
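Review bot: the added `fail:` label sits directly below `out:`, so the success path falls through into it: `rc = total ? (int)total : -EIO;` has just stored a positive byte count, and `if (rc > 0) rc = -EIO;` then overwrites it, so the function can never return a positive result. The positive-to-`-EIO` conversion should run only on the error path, for example at the point where the failing `rc` is obtained and before the jump to `out:`, leaving `out:` as a pure cleanup label that does not touch `rc`. No `goto fail` appears in this hunk either, so as shown the label is reached only by fall-through.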