`SET_CERTIFICATE.Param1` case is not handled

DMTF / libspdm

BSD 3-Clause "New" or "Revised" License

104 stars 100 forks source link

`SET_CERTIFICATE.Param1` case is not handled #2746

Closed steven-bellock closed 3 months ago

steven-bellock commented 3 months ago

Param1 is set in https://github.com/DMTF/libspdm/blob/883c31e794ea49b8d4203012e9b1e88d9873e82d/library/spdm_requester_lib/libspdm_req_set_certificate.c#L118-L139 It does not handle the case when Erase is not set. In such a case Param1 is just the slot ID, which ignores the certificate model field.

steven-bellock commented 3 months ago

In addition

 if (spdm_request->header.spdm_version >= SPDM_MESSAGE_VERSION_13) { 
     /*And the bit[0~3] of request_attribute must be 0.*/ 
     if ((request_attribute & SPDM_SET_CERTIFICATE_REQUEST_SLOT_ID_MASK) != 0) { 
         return LIBSPDM_STATUS_INVALID_PARAMETER; 
     }

is incorrect as the send buffer has already been acquired. This check needs to be before the send buffer has been acquired.