Add check for slot_id 0xFF to prevent out-of-bond access.

Signed-off-by: Jiewen Yao <[email protected]>
DMTF · Aug 20, 2024 · 8b95512 · 8b95512
1 parent dd2b624
commit 8b95512
Show file tree

Hide file tree

Showing 5 changed files with 10 additions and 5 deletions.
diff --git a/library/spdm_requester_lib/libspdm_req_encap_challenge_auth.c b/library/spdm_requester_lib/libspdm_req_encap_challenge_auth.c
@@ -85,7 +85,8 @@ libspdm_return_t libspdm_get_encap_response_challenge_auth(
     }
 
     if ((spdm_request->header.spdm_version >= SPDM_MESSAGE_VERSION_13) &&
-        context->connection_info.multi_key_conn_req) {
+        context->connection_info.multi_key_conn_req &&
+        (slot_id != 0xFF)) {
         if ((context->local_context.local_key_usage_bit_mask[slot_id] &
              SPDM_KEY_USAGE_BIT_MASK_CHALLENGE_USE) == 0) {
             return libspdm_generate_encap_error_response(

diff --git a/library/spdm_requester_lib/libspdm_req_key_exchange.c b/library/spdm_requester_lib/libspdm_req_key_exchange.c
@@ -563,7 +563,8 @@ static libspdm_return_t libspdm_try_send_receive_key_exchange(
                 goto receive_done;
             }
             if ((spdm_request->header.spdm_version >= SPDM_MESSAGE_VERSION_13) &&
-                spdm_context->connection_info.multi_key_conn_req) {
+                spdm_context->connection_info.multi_key_conn_req &&
+                (*req_slot_id_param != 0xf)) {
                 if ((spdm_context->local_context.local_key_usage_bit_mask[*req_slot_id_param] &
                      SPDM_KEY_USAGE_BIT_MASK_KEY_EX_USE) == 0) {
                     libspdm_secured_message_dhe_free(

diff --git a/library/spdm_responder_lib/libspdm_rsp_challenge_auth.c b/library/spdm_responder_lib/libspdm_rsp_challenge_auth.c
@@ -114,7 +114,8 @@ libspdm_return_t libspdm_get_response_challenge_auth(libspdm_context_t *spdm_con
     }
 
     if ((spdm_request->header.spdm_version >= SPDM_MESSAGE_VERSION_13) &&
-        spdm_context->connection_info.multi_key_conn_rsp) {
+        spdm_context->connection_info.multi_key_conn_rsp &&
+        (slot_id != 0xFF)) {
         if ((spdm_context->local_context.local_key_usage_bit_mask[slot_id] &
              SPDM_KEY_USAGE_BIT_MASK_CHALLENGE_USE) == 0) {
             return libspdm_generate_error_response(

diff --git a/library/spdm_responder_lib/libspdm_rsp_key_exchange.c b/library/spdm_responder_lib/libspdm_rsp_key_exchange.c
@@ -292,7 +292,8 @@ libspdm_return_t libspdm_get_response_key_exchange(libspdm_context_t *spdm_conte
     }
 
     if ((spdm_request->header.spdm_version >= SPDM_MESSAGE_VERSION_13) &&
-        spdm_context->connection_info.multi_key_conn_rsp) {
+        spdm_context->connection_info.multi_key_conn_rsp &&
+        (slot_id != 0xff)) {
         if ((spdm_context->local_context.local_key_usage_bit_mask[slot_id] &
              SPDM_KEY_USAGE_BIT_MASK_KEY_EX_USE) == 0) {
             return libspdm_generate_error_response(

diff --git a/library/spdm_responder_lib/libspdm_rsp_measurements.c b/library/spdm_responder_lib/libspdm_rsp_measurements.c
@@ -400,7 +400,8 @@ libspdm_return_t libspdm_get_response_measurements(libspdm_context_t *spdm_conte
             }
 
             if ((spdm_request->header.spdm_version >= SPDM_MESSAGE_VERSION_13) &&
-                spdm_context->connection_info.multi_key_conn_rsp) {
+                spdm_context->connection_info.multi_key_conn_rsp &&
+                (slot_id_param != 0xF)) {
                 if ((spdm_context->local_context.local_key_usage_bit_mask[slot_id_param] &
                      SPDM_KEY_USAGE_BIT_MASK_MEASUREMENT_USE) == 0) {
                     return libspdm_generate_error_response(