From 0ccbb50494fe267d7205e76885be0190a0e7be80 Mon Sep 17 00:00:00 2001
From: Brandon Weeks
Date: Wed, 8 Mar 2023 13:32:50 -0800
Subject: [PATCH] Handle multiple ELAM events (#309)
---
 attest/win_events.go | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/attest/win_events.go b/attest/win_events.go
index 5e56315..28b2daf 100644
--- a/attest/win_events.go
+++ b/attest/win_events.go
@@ -678,7 +678,7 @@ func (w *WinEvents) parseUTF16(header microsoftEventHeader, r io.Reader) (string
 return strings.TrimSuffix(string(utf16.Decode(data)), "\x00"), nil
 }
-func (w *WinEvents) readELAMAggregation(rdr *bytes.Reader, header microsoftEventHeader) error {
+func (w *WinEvents) readELAMAggregation(rdr io.Reader, header microsoftEventHeader) error {
 var (
 r = &io.LimitedReader{R: rdr, N: int64(header.Size)}
 driverName string
@@ -698,6 +698,11 @@ func (w *WinEvents) readELAMAggregation(rdr *bytes.Reader, header microsoftEvent
 var err error
 switch h.Type {
+ case elamAggregation:
+ w.readELAMAggregation(r, h)
+ if r.N == 0 {
+ return nil
+ }
 case elamKeyname:
 if driverName != "" {
 return errors.New("duplicate driver name in ELAM aggregation event")
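Review bot: The recursive call in the new `case elamAggregation:` branch discards its return value, so an error raised while parsing a nested aggregation (for example the duplicate-driver-name error visible just below) never reaches the caller and the outer loop continues as if the nested event were well formed. This parser consumes boot event log data that attestation decisions rely on, so a malformed nested event should fail the parse: `if err := w.readELAMAggregation(r, h); err != nil { return err }`. The early `return nil` when `r.N == 0` also deserves a one-line comment saying why exhaustion of the outer reader is a success condition here, and whether nesting deeper than one level is expected, since the depth appears to be limited only by the size fields in the input. The function starts before and continues past this hunk, so how `err` is checked after the switch is not visible.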