Reviewed-by: Chao Zhang <chao.b.zh...@intel.com>




Thanks & Best regards
Chao Zhang


-----Original Message-----
From: Yao, Jiewen 
Sent: Thursday, March 10, 2016 1:53 PM
To: edk2-de...@ml01.01.org
Cc: Yao, Jiewen; Zhang, Chao B
Subject: [patch] SecurityPkg: Clear LocalAuthSession content after use.

Some commands in DxeTcg2PhysicalPresenceLib accept AuthSession as an input
parameter and copy it to a local command buffer. After use, this AuthSession content
should be zeroed, because there might be some secret there.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: "Yao, Jiewen" <jiewen....@intel.com>
Cc: "Zhang, Chao B" <chao.b.zh...@intel.com>
---
 .../DxeTcg2PhysicalPresenceLib/DxeTcg2PhysicalPresenceLib.c       | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git 
a/SecurityPkg/Library/DxeTcg2PhysicalPresenceLib/DxeTcg2PhysicalPresenceLib.c 
b/SecurityPkg/Library/DxeTcg2PhysicalPresenceLib/DxeTcg2PhysicalPresenceLib.c
index 8912ee4..e34fd8d 100644
--- 
a/SecurityPkg/Library/DxeTcg2PhysicalPresenceLib/DxeTcg2PhysicalPresenceLib.c
+++ b/SecurityPkg/Library/DxeTcg2PhysicalPresenceLib/DxeTcg2PhysicalPres
+++ enceLib.c
@@ -225,7 +225,7 @@ Tpm2CommandAllocPcr (
              );
   DEBUG ((EFI_D_INFO, "Tpm2PcrAllocate - %r\n", Status));
   if (EFI_ERROR (Status)) {
-    return Status;
+    goto Done;
   }
 
   DEBUG ((EFI_D_INFO, "AllocationSuccess - %02x\n", AllocationSuccess)); @@ 
-233,7 +233,9 @@ Tpm2CommandAllocPcr (
   DEBUG ((EFI_D_INFO, "SizeNeeded        - %08x\n", SizeNeeded));
   DEBUG ((EFI_D_INFO, "SizeAvailable     - %08x\n", SizeAvailable));
 
-  return EFI_SUCCESS;
+Done:
+  ZeroMem(&LocalAuthSession.hmac, sizeof(LocalAuthSession.hmac));
+  return Status;
 }
 
 /**
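Review bot: The `Done:` path returns `Status` where the success path of Tpm2CommandAllocPcr previously returned `EFI_SUCCESS` (`-  return EFI_SUCCESS;` / `+  return Status;` in the second hunk); since `EFI_ERROR (Status)` only tests the high bit, a warning-class status from `Tpm2PcrAllocate` now reaches the caller where it was masked before. If that is intended, say so in the commit message; otherwise set `Status = EFI_SUCCESS;` on the fall-through before `Done:`. Also check that no other early `return` in this function (outside the visible hunks) bypasses the `Done:` label, or the clear is skipped on that path. Two smaller points: the patch clears only `LocalAuthSession.hmac` while the commit message says the AuthSession content is zeroed, so either clear the whole `LocalAuthSession` or narrow the message to the HMAC buffer; and the new calls should follow the spacing used by the surrounding lines (`DEBUG ((`, `EFI_ERROR (Status)`), i.e. `ZeroMem (&LocalAuthSession.hmac, sizeof (LocalAuthSession.hmac));`.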
@@ -264,6 +266,8 @@ Tpm2CommandChangeEps (
 
   Status = Tpm2ChangeEPS (TPM_RH_PLATFORM, AuthSession);
   DEBUG ((EFI_D_INFO, "Tpm2ChangeEPS - %r\n", Status));
+
+  ZeroMem(&LocalAuthSession.hmac, sizeof(LocalAuthSession.hmac));
   return Status;
 }
 
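Review bot: Same spacing convention as above applies to the `ZeroMem(` call added after `Tpm2ChangeEPS`. The clear runs unconditionally after the command here, which is the right placement, but it again clears only `hmac`; if `LocalAuthSession` holds anything else copied from the caller's AuthSession that is worth scrubbing, a single `ZeroMem` over the whole structure is simpler and matches the commit message. If Tpm2CommandChangeEps has an early `return` before the `Tpm2ChangeEPS` call (not visible in this hunk), the buffer is left untouched on that path; using a `Done:` label as in Tpm2CommandAllocPcr would keep both functions consistent.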
--
1.9.5.msysgit.0

_______________________________________________
edk2-devel mailing list
edk2-devel@lists.01.org
https://lists.01.org/mailman/listinfo/edk2-devel
