SecurityPkg: Clear LocalAuthSession content after use.
authorJiewen Yao <jiewen.yao@intel.com>
Thu, 10 Mar 2016 05:52:15 +0000 (21:52 -0800)
committerHao Wu <hao.a.wu@intel.com>
Fri, 11 Mar 2016 04:51:43 +0000 (12:51 +0800)
Some commands in DxeTcg2PhysicalPresenceLib accept
AuthSession as input parameter and copy to local
command buffer. After use, this AuthSession content
should be zeroed, because there might be some secrete
there.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: "Yao, Jiewen" <jiewen.yao@intel.com>
Reviewed-by: "Zhang, Chao B" <chao.b.zhang@intel.com>
SecurityPkg/Library/DxeTcg2PhysicalPresenceLib/DxeTcg2PhysicalPresenceLib.c

index 8912ee4108e329e367b5679198fe4d572d650536..e34fd8da25720e4bb2dfccf93686659f3c32d463 100644 (file)
@@ -225,7 +225,7 @@ Tpm2CommandAllocPcr (
              );\r
   DEBUG ((EFI_D_INFO, "Tpm2PcrAllocate - %r\n", Status));\r
   if (EFI_ERROR (Status)) {\r
-    return Status;\r
+    goto Done;\r
   }\r
 \r
   DEBUG ((EFI_D_INFO, "AllocationSuccess - %02x\n", AllocationSuccess));\r
@@ -233,7 +233,9 @@ Tpm2CommandAllocPcr (
   DEBUG ((EFI_D_INFO, "SizeNeeded        - %08x\n", SizeNeeded));\r
   DEBUG ((EFI_D_INFO, "SizeAvailable     - %08x\n", SizeAvailable));\r
 \r
-  return EFI_SUCCESS;\r
+Done:\r
+  ZeroMem(&LocalAuthSession.hmac, sizeof(LocalAuthSession.hmac));\r
+  return Status;\r
 }\r
 \r
 /**\r
@@ -264,6 +266,8 @@ Tpm2CommandChangeEps (
 \r
   Status = Tpm2ChangeEPS (TPM_RH_PLATFORM, AuthSession);\r
   DEBUG ((EFI_D_INFO, "Tpm2ChangeEPS - %r\n", Status));\r
+\r
+  ZeroMem(&LocalAuthSession.hmac, sizeof(LocalAuthSession.hmac));\r
   return Status;\r
 }\r
 \r