From 8b95512a7fed0b24a75edfc6d7459df845e08ad0 Mon Sep 17 00:00:00 2001
From: Jiewen Yao
Date: Tue, 20 Aug 2024 09:52:20 +0800
Subject: [PATCH] Add check for slot_id 0xFF to prevent out-of-bond access.

Signed-off-by: Jiewen Yao
---
 library/spdm_requester_lib/libspdm_req_encap_challenge_auth.c | 3 ++-
 library/spdm_requester_lib/libspdm_req_key_exchange.c | 3 ++-
 library/spdm_responder_lib/libspdm_rsp_challenge_auth.c | 3 ++-
 library/spdm_responder_lib/libspdm_rsp_key_exchange.c | 3 ++-
 library/spdm_responder_lib/libspdm_rsp_measurements.c | 3 ++-
 5 files changed, 10 insertions(+), 5 deletions(-)

diff --git a/library/spdm_requester_lib/libspdm_req_encap_challenge_auth.c b/library/spdm_requester_lib/libspdm_req_encap_challenge_auth.c
index 996a2947079..af123bc5804 100644
--- a/library/spdm_requester_lib/libspdm_req_encap_challenge_auth.c
+++ b/library/spdm_requester_lib/libspdm_req_encap_challenge_auth.c
@@ -85,7 +85,8 @@ libspdm_return_t libspdm_get_encap_response_challenge_auth(
 }

 if ((spdm_request->header.spdm_version >= SPDM_MESSAGE_VERSION_13) &&
- context->connection_info.multi_key_conn_req) {
+ context->connection_info.multi_key_conn_req &&
+ (slot_id != 0xFF)) {
 if ((context->local_context.local_key_usage_bit_mask[slot_id] &
 SPDM_KEY_USAGE_BIT_MASK_CHALLENGE_USE) == 0) {
 return libspdm_generate_encap_error_response(
diff --git a/library/spdm_requester_lib/libspdm_req_key_exchange.c b/library/spdm_requester_lib/libspdm_req_key_exchange.c
index bf7534c20c7..95bfc637fe6 100644
--- a/library/spdm_requester_lib/libspdm_req_key_exchange.c
+++ b/library/spdm_requester_lib/libspdm_req_key_exchange.c
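Review bot: The added `(slot_id != 0xFF)` guard excludes only that one value, so any other `slot_id` at or beyond the length of `local_key_usage_bit_mask` would still reach the index on the following line. Whether an earlier range check already rejects such values cannot be seen here, because the body of `libspdm_get_encap_response_challenge_auth` starts and ends outside the hunk. If the array is sized by `SPDM_MAX_SLOT_COUNT` (to be confirmed against the context definition), writing the term as `(slot_id < SPDM_MAX_SLOT_COUNT)` rejects the sentinel and every other out-of-range value in one condition. The same applies to the matching guards in libspdm_req_key_exchange.c, libspdm_rsp_challenge_auth.c, libspdm_rsp_key_exchange.c and libspdm_rsp_measurements.c.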
@@ -563,7 +563,8 @@ static libspdm_return_t libspdm_try_send_receive_key_exchange(
 goto receive_done;
 }
 if ((spdm_request->header.spdm_version >= SPDM_MESSAGE_VERSION_13) &&
- spdm_context->connection_info.multi_key_conn_req) {
+ spdm_context->connection_info.multi_key_conn_req &&
+ (*req_slot_id_param != 0xf)) {
 if ((spdm_context->local_context.local_key_usage_bit_mask[*req_slot_id_param] &
 SPDM_KEY_USAGE_BIT_MASK_KEY_EX_USE) == 0) {
 libspdm_secured_message_dhe_free(
diff --git a/library/spdm_responder_lib/libspdm_rsp_challenge_auth.c b/library/spdm_responder_lib/libspdm_rsp_challenge_auth.c
index 094dfdcfa47..39cc59e9aaa 100644
--- a/library/spdm_responder_lib/libspdm_rsp_challenge_auth.c
+++ b/library/spdm_responder_lib/libspdm_rsp_challenge_auth.c
@@ -114,7 +114,8 @@ libspdm_return_t libspdm_get_response_challenge_auth(libspdm_context_t *spdm_con
 }

 if ((spdm_request->header.spdm_version >= SPDM_MESSAGE_VERSION_13) &&
- spdm_context->connection_info.multi_key_conn_rsp) {
+ spdm_context->connection_info.multi_key_conn_rsp &&
+ (slot_id != 0xFF)) {
 if ((spdm_context->local_context.local_key_usage_bit_mask[slot_id] &
 SPDM_KEY_USAGE_BIT_MASK_CHALLENGE_USE) == 0) {
 return libspdm_generate_error_response(
diff --git a/library/spdm_responder_lib/libspdm_rsp_key_exchange.c b/library/spdm_responder_lib/libspdm_rsp_key_exchange.c
index 3f8724a0c25..884af2752ed 100644
--- a/library/spdm_responder_lib/libspdm_rsp_key_exchange.c
+++ b/library/spdm_responder_lib/libspdm_rsp_key_exchange.c
@@ -292,7 +292,8 @@ libspdm_return_t libspdm_get_response_key_exchange(libspdm_context_t *spdm_conte
 }

 if ((spdm_request->header.spdm_version >= SPDM_MESSAGE_VERSION_13) &&
- spdm_context->connection_info.multi_key_conn_rsp) {
+ spdm_context->connection_info.multi_key_conn_rsp &&
+ (slot_id != 0xff)) {
 if ((spdm_context->local_context.local_key_usage_bit_mask[slot_id] &
 SPDM_KEY_USAGE_BIT_MASK_KEY_EX_USE) == 0) {
 return libspdm_generate_error_response(
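Review bot: The sentinel in this hunk is written `0xf`, while the two challenge hunks use `0xFF`, libspdm_rsp_key_exchange.c uses `0xff` and libspdm_rsp_measurements.c uses `0xF`; the commit subject mentions only 0xFF. The differing literals suggest that `*req_slot_id_param` and `slot_id_param` are 4-bit fields while `slot_id` is a full byte, but nothing in the hunks says so. A comment such as `/* 0xF: 4-bit slot field, no certificate slot selected */`, or one named constant per field width, would keep a later reader from "correcting" one literal to the other and reopening the out-of-bounds index. The value compared here is presumably taken from the peer's response, which is why the exact sentinel matters; the function body continues outside the hunk.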
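Review bot: With the new `(slot_id != 0xFF)` term the `SPDM_KEY_USAGE_BIT_MASK_CHALLENGE_USE` check is skipped entirely for 0xFF, and nothing in the hunk records that this is intended. In SPDM, 0xFF in this field selects the provisioned public key rather than a certificate slot, so there is no per-slot mask entry to consult; a comment above the condition, for example `/* slot_id 0xFF (provisioned public key) has no key-usage mask entry; usage is not enforced here */`, would make the bypass explicit. If key usage for the provisioned key is meant to be restricted on a multi-key connection, that needs its own check, since this condition no longer covers it. The same question applies to the responder key-exchange and measurements guards; the function body extends beyond the hunk.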
diff --git a/library/spdm_responder_lib/libspdm_rsp_measurements.c b/library/spdm_responder_lib/libspdm_rsp_measurements.c
index 9bd0094ac2c..2966991cddb 100644
--- a/library/spdm_responder_lib/libspdm_rsp_measurements.c
+++ b/library/spdm_responder_lib/libspdm_rsp_measurements.c
@@ -400,7 +400,8 @@ libspdm_return_t libspdm_get_response_measurements(libspdm_context_t *spdm_conte
 }

 if ((spdm_request->header.spdm_version >= SPDM_MESSAGE_VERSION_13) &&
- spdm_context->connection_info.multi_key_conn_rsp) {
+ spdm_context->connection_info.multi_key_conn_rsp &&
+ (slot_id_param != 0xF)) {
 if ((spdm_context->local_context.local_key_usage_bit_mask[slot_id_param] &
 SPDM_KEY_USAGE_BIT_MASK_MEASUREMENT_USE) == 0) {
 return libspdm_generate_error_response(
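Review bot: The new `(slot_id_param != 0xF)` branch, like the four other guards in this commit, arrives without a regression test: the diffstat lists only the five files under library/. One unit test per handler that sets up a version 1.3 multi-key connection, supplies the sentinel slot value and asserts the expected response would pin the fix. Running those tests under AddressSanitizer would make any remaining out-of-bounds index into `local_key_usage_bit_mask` fail loudly instead of silently reading adjacent context memory.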