Tss2_PolicyGetDescription() does not null-terminate

[joholl]

Tss2_PolicyGetDescription() returns a description field as a string (it uses strlen() internally), but it does not null-terminate the string for the caller. Instead of memcpy(), strcpy() should be used (and len/*size will have to be incremented by one).

I found this issue using clang-tidy. This is going to be fixed in an upcoming PR by me.

tpm2-tss/src/tss2-policy/tss2_policy.c

Lines 384 to 427 in 8d19bd1

	/** Retrieve the description field of a policy.
	*
	* The policy description is only a valid pointer for the lifetime of policy_ctx.
	*
	* @param[in] policy_ctx The policy context from Tss2_PolicyInstantiate.
	* @param[in] description The description from the policy file.
	*
	* @retval TSS2_RC_SUCCESS After the end of the wait.
	* @retval TSS2_FAPI_RC_BAD_REFERENCE a invalid null pointer is passed.
	*/
	TSS2_RC
	Tss2_PolicyGetDescription(
	TSS2_POLICY_CTX *policy_ctx,
	char *buffer,
	size_t *size)
	{
	policy_check_not_null(policy_ctx);
	policy_check_not_null(size);
	LOG_TRACE("called for policy_path(%s)",
	policy_ctx->path);
	const char *description = policy_ctx->policy.description;
	size_t len = strlen(description);
	/* NULL buffer let calller know size */
	if (!buffer) {
	*size = len;
	return TSS2_RC_SUCCESS;
	}
	/* specified buffer but too small, let caller know size and error */
	if (*size < len) {
	*size = len;
	return_if_error(TSS2_POLICY_RC_BUFFER_TOO_SMALL, "Specified buffer is too small");
	}
	/* all is well, copy it to user and let them know size */
	*size = len;
	memcpy(buffer, description, len);
	LOG_TRACE("finished, returning: 0x0");
	return TSS2_RC_SUCCESS;
	}

I took the liberty to flag this as a bug. Feel free to remove the label if you think otherwise.