erase the plain-text VDM message after processing it.

Li-Aaron · Li-Aaron · commit 7de2efddcfb4 · 2025-11-10T10:00:02.000+08:00
fix #2426 Signed-off-by: Aaron Li <aaron.li@intel.com>
diff --git a/library/spdm_requester_lib/libspdm_req_handle_error_response.c b/library/spdm_requester_lib/libspdm_req_handle_error_response.c
@@ -453,6 +453,7 @@ libspdm_return_t libspdm_handle_error_large_response(
             *inout_response_size = large_response_size;
 
             LIBSPDM_INTERNAL_DUMP_HEX(large_response, large_response_size);
+            libspdm_zero_mem(large_response, large_response_size);
         }
     }
 
diff --git a/library/spdm_requester_lib/libspdm_req_send_receive.c b/library/spdm_requester_lib/libspdm_req_send_receive.c
@@ -95,6 +95,10 @@ libspdm_return_t libspdm_send_request(void *spdm_context, const uint32_t *sessio
     status = context->transport_encode_message(
         context, session_id, is_app_message, true, request_size,
         request, &message_size, (void **)&message);
+    if (session_id != NULL) {
+        /* clean up secure message which was copied to scratch buffer */
+        libspdm_zero_mem(request, request_size);
+    }
     if (LIBSPDM_STATUS_IS_ERROR(status)) {
         LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "transport_encode_message status - %xu\n", status));
         if ((session_id != NULL) &&
@@ -591,6 +595,7 @@ libspdm_return_t libspdm_handle_large_request(
              && send_info->chunk_bytes_transferred < send_info->large_message_size);
 
     if (LIBSPDM_STATUS_IS_ERROR(status)) {
+        libspdm_zero_mem(send_info->large_message, send_info->large_message_capacity);
         send_info->chunk_in_use = false;
         send_info->chunk_handle++; /* Implicit wrap-around*/
         send_info->chunk_seq_no = 0;
@@ -749,6 +754,7 @@ libspdm_return_t libspdm_receive_spdm_response(libspdm_context_t *spdm_context,
 
         /* This response may either be an actual response or ERROR_LARGE_RESPONSE,
          * the latter which should be handled in the large response handler. */
+        libspdm_zero_mem(send_info->large_message, send_info->large_message_capacity);
         send_info->chunk_in_use = false;
         send_info->chunk_handle++; /* Implicit wrap-around*/
         send_info->chunk_seq_no = 0;
diff --git a/library/spdm_requester_lib/libspdm_req_vendor_request.c b/library/spdm_requester_lib/libspdm_req_vendor_request.c
@@ -167,6 +167,7 @@ libspdm_return_t libspdm_try_vendor_send_request_receive_response(
         libspdm_release_sender_buffer (spdm_context);
         return LIBSPDM_STATUS_SEND_FAIL;
     }
+    libspdm_zero_mem(message, message_size);
     libspdm_release_sender_buffer (spdm_context);
     spdm_request = (void *)spdm_context->last_spdm_request;
 
@@ -296,6 +297,14 @@ libspdm_return_t libspdm_try_vendor_send_request_receive_response(
 
     status = LIBSPDM_STATUS_SUCCESS;
 done:
+    libspdm_zero_mem(spdm_context->last_spdm_request,
+                     libspdm_get_scratch_buffer_last_spdm_request_capacity(spdm_context));
+    spdm_context->last_spdm_request_size = 0;
+    /*
+     * reciver buffer "message" contains crypted message
+     * "spdm_response" contains the plain-text VDM message
+     */
+    libspdm_zero_mem(spdm_response, spdm_response_size);
     libspdm_release_receiver_buffer (spdm_context); /* this will free up response-message, need to find workaround */
     return status;
 }
diff --git a/library/spdm_responder_lib/libspdm_rsp_chunk_get.c b/library/spdm_responder_lib/libspdm_rsp_chunk_get.c
@@ -208,6 +208,7 @@ libspdm_return_t libspdm_get_response_chunk_get(
 
     LIBSPDM_ASSERT(get_info->chunk_bytes_transferred <= get_info->large_message_size);
     if (get_info->chunk_bytes_transferred == get_info->large_message_size) {
+        libspdm_zero_mem(get_info->large_message, get_info->large_message_capacity);
         get_info->chunk_in_use = false;
         get_info->chunk_handle++; /* implicit wrap - around to 0. */
         get_info->chunk_seq_no = 0;
diff --git a/library/spdm_responder_lib/libspdm_rsp_receive_send.c b/library/spdm_responder_lib/libspdm_rsp_receive_send.c
@@ -284,6 +284,7 @@ libspdm_return_t libspdm_process_request(void *spdm_context, uint32_t **session_
                       libspdm_get_scratch_buffer_last_spdm_request_capacity(context),
                       decoded_message_ptr,
                       decoded_message_size);
+    libspdm_zero_mem (decoded_message_ptr, decoded_message_size);
 
     if (!(*is_app_message)) {
         /* Check for minimal SPDM message size. */
@@ -738,15 +739,16 @@ libspdm_return_t libspdm_build_response(void *spdm_context, const uint32_t *sess
      * return UNSUPPORTED and clear response_size to continue the dispatch without send response.*/
     if ((my_response_size == 0) && (status == LIBSPDM_STATUS_UNSUPPORTED_CAP)) {
         *response_size = 0;
-        return LIBSPDM_STATUS_UNSUPPORTED_CAP;
+        status = LIBSPDM_STATUS_UNSUPPORTED_CAP;
+        goto done;
     }
 
     if (LIBSPDM_STATUS_IS_ERROR(status)) {
         status = libspdm_generate_error_response(
             context, SPDM_ERROR_CODE_UNSUPPORTED_REQUEST,
             spdm_request->request_response_code, &my_response_size, my_response);
         if (LIBSPDM_STATUS_IS_ERROR(status)) {
-            return status;
+            goto done;
         }
     }
 
@@ -767,7 +769,7 @@ libspdm_return_t libspdm_build_response(void *spdm_context, const uint32_t *sess
             libspdm_free_session_id(context, *session_id);
         }
         LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "transport_encode_message : %xu\n", status));
-        return status;
+        goto done;
     }
 
     request_response_code = spdm_response->request_response_code;
@@ -857,7 +859,19 @@ libspdm_return_t libspdm_build_response(void *spdm_context, const uint32_t *sess
         }
     }
 
-    return LIBSPDM_STATUS_SUCCESS;
+    status = LIBSPDM_STATUS_SUCCESS;
+done:
+    if (spdm_request->request_response_code == SPDM_VENDOR_DEFINED_REQUEST) {
+        if (session_id != NULL) {
+            /* clean plain text in stratch buffer */
+            libspdm_zero_mem (my_response, my_response_size);
+        }
+        libspdm_zero_mem (context->last_spdm_request,
+                          libspdm_get_scratch_buffer_last_spdm_request_capacity(context));
+        context->last_spdm_request_size = 0;
+        context->last_spdm_request_session_id_valid = false;
+    }
+    return status;
 }
 
 void libspdm_register_get_response_func(void *context, libspdm_get_response_func get_response_func)
diff --git a/library/spdm_responder_lib/libspdm_rsp_respond_if_ready.c b/library/spdm_responder_lib/libspdm_rsp_respond_if_ready.c
@@ -1,6 +1,6 @@
 /**
  *  Copyright Notice:
- *  Copyright 2021-2022 DMTF. All rights reserved.
+ *  Copyright 2021-2025 DMTF. All rights reserved.
  *  License: BSD 3-Clause License. For full text see link: https://github.com/DMTF/libspdm/blob/main/LICENSE.md
  **/
 
@@ -69,6 +69,9 @@ libspdm_return_t libspdm_get_response_respond_if_ready(libspdm_context_t *spdm_c
                                spdm_context->cache_spdm_request,
                                response_size, response);
 
+    libspdm_zero_mem(spdm_context->cache_spdm_request, spdm_context->cache_spdm_request_size);
+    spdm_context->cache_spdm_request_size = 0;
+
     return status;
 }
 

Original file line number	Diff line number	Diff line change
`@@ -453,6 +453,7 @@ libspdm_return_t libspdm_handle_error_large_response(`
`453`	`453`	`*inout_response_size = large_response_size;`
`454`	`454`
`455`	`455`	`LIBSPDM_INTERNAL_DUMP_HEX(large_response, large_response_size);`
	`456`	`+ libspdm_zero_mem(large_response, large_response_size);`
`456`	`457`	`}`
`457`	`458`	`}`
`458`	`459`