Skip to content

Commit

Permalink
Fix the vendor defined message length check in requester.
Browse files Browse the repository at this point in the history
Signed-off-by: Jiewen Yao <[email protected]>
  • Loading branch information
jyao1 committed Apr 24, 2024
1 parent fbcec93 commit ce516d4
Showing 1 changed file with 15 additions and 5 deletions.
20 changes: 15 additions & 5 deletions library/spdm_requester_lib/libspdm_req_vendor_request.c
Original file line number Diff line number Diff line change
@@ -1,5 +1,6 @@
/**
* Copyright 2023 DMTF. All rights reserved.
* Copyright Notice:
* Copyright 2023-2024 DMTF. All rights reserved.
* License: BSD 3-Clause License. For full text see link: https://github.com/DMTF/libspdm/blob/main/LICENSE.md
**/

Expand Down Expand Up @@ -147,10 +148,7 @@ libspdm_return_t libspdm_try_vendor_send_request_receive_response(
}

/* -=[Validate Response Phase]=- */
/* check response buffer size at least spdm response default header plus
* number of bytes required by vendor id and 2 bytes for response payload size */
if (spdm_response_size < sizeof(spdm_vendor_defined_response_msg_t) +
spdm_response->vendor_id_len + sizeof(uint16_t)) {
if (spdm_response_size < sizeof(spdm_message_header_t)) {
status = LIBSPDM_STATUS_INVALID_MSG_SIZE;
goto done;
}
Expand All @@ -172,6 +170,18 @@ libspdm_return_t libspdm_try_vendor_send_request_receive_response(
goto done;
}

if (spdm_response_size < sizeof(spdm_vendor_defined_response_msg_t)) {
status = LIBSPDM_STATUS_INVALID_MSG_SIZE;
goto done;
}
/* check response buffer size at least spdm response default header plus
* number of bytes required by vendor id and 2 bytes for response payload size */
if (spdm_response_size < sizeof(spdm_vendor_defined_response_msg_t) +
spdm_response->vendor_id_len + sizeof(uint16_t)) {
status = LIBSPDM_STATUS_INVALID_MSG_SIZE;
goto done;
}

*resp_standard_id = spdm_response->standard_id;
if (*resp_vendor_id_len < spdm_response->vendor_id_len) {
status = LIBSPDM_STATUS_INVALID_MSG_SIZE;
Expand Down

0 comments on commit ce516d4

Please sign in to comment.