authorJiewen Yao <jiewen.yao@intel.com>2016-03-09 21:52:15 -0800
committerHao Wu <hao.a.wu@intel.com>2016-03-11 12:51:43 +0800
commitc31313da22176002010abbcfcf5d5c5200d182ec (patch)
tree4c58d7e9c36f5c8b509da9c0945414773ec964b6 /SecurityPkg/Library
parent0e47ac1535a5fff47b088c30a72d1abe7c817d37 (diff)
SecurityPkg: Clear LocalAuthSession content after use.
Some commands in DxeTcg2PhysicalPresenceLib accept AuthSession as an input parameter and copy it to a local command buffer. After use, this AuthSession content should be zeroed, because it might contain secret data. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: "Yao, Jiewen" <jiewen.yao@intel.com> Reviewed-by: "Zhang, Chao B" <chao.b.zhang@intel.com>
Diffstat (limited to 'SecurityPkg/Library')
-rw-r--r--SecurityPkg/Library/DxeTcg2PhysicalPresenceLib/DxeTcg2PhysicalPresenceLib.c8
1 files changed, 6 insertions, 2 deletions
diff --git a/SecurityPkg/Library/DxeTcg2PhysicalPresenceLib/DxeTcg2PhysicalPresenceLib.c b/SecurityPkg/Library/DxeTcg2PhysicalPresenceLib/DxeTcg2PhysicalPresenceLib.c
index 8912ee4108..e34fd8da25 100644
--- a/SecurityPkg/Library/DxeTcg2PhysicalPresenceLib/DxeTcg2PhysicalPresenceLib.c
+++ b/SecurityPkg/Library/DxeTcg2PhysicalPresenceLib/DxeTcg2PhysicalPresenceLib.c
@@ -225,7 +225,7 @@ Tpm2CommandAllocPcr (
);
DEBUG ((EFI_D_INFO, "Tpm2PcrAllocate - %r\n", Status));
if (EFI_ERROR (Status)) {
- return Status;
+ goto Done;
}
DEBUG ((EFI_D_INFO, "AllocationSuccess - %02x\n", AllocationSuccess));
@@ -233,7 +233,9 @@ Tpm2CommandAllocPcr (
DEBUG ((EFI_D_INFO, "SizeNeeded - %08x\n", SizeNeeded));
DEBUG ((EFI_D_INFO, "SizeAvailable - %08x\n", SizeAvailable));
- return EFI_SUCCESS;
+Done:
+ ZeroMem(&LocalAuthSession.hmac, sizeof(LocalAuthSession.hmac));
+ return Status;
}
/**
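Review bot: The wipe added at `Done:` writes to a local that is never read again before `return Status;`, so a toolchain that can see into `ZeroMem` (for example under link-time optimization) is permitted to discard it as a dead store; the same applies to the `ZeroMem` added in the Tpm2CommandChangeEps hunk. It is worth confirming in the generated code of release builds that the store survives, or routing both calls through a wipe routine the optimizer cannot elide. Tpm2CommandAllocPcr begins outside this hunk, so any earlier `return` that runs after the auth value has been copied into `LocalAuthSession` would also need to become `goto Done;`, which cannot be checked from the lines shown. A short comment above the call, such as `// Clear only hmac: it holds the copied auth value.`, would record why the rest of the structure is left untouched.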
@@ -264,6 +266,8 @@ Tpm2CommandChangeEps (
Status = Tpm2ChangeEPS (TPM_RH_PLATFORM, AuthSession);
DEBUG ((EFI_D_INFO, "Tpm2ChangeEPS - %r\n", Status));
+
+ ZeroMem(&LocalAuthSession.hmac, sizeof(LocalAuthSession.hmac));
return Status;
}
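Review bot: The call two lines above the wipe takes `AuthSession`, but the wipe names `LocalAuthSession`, and the assignment that ties the two together lies outside this hunk, so a reader cannot tell from here that the right buffer is being cleared. A one-line comment such as `// AuthSession points at LocalAuthSession when an auth value was supplied; clear that copy before returning.` would make this explicit, assuming that is how the pointer is set up earlier in the function. The new line also omits the space before the parenthesis that the neighbouring calls use (`Tpm2ChangeEPS (`, `DEBUG ((`); `ZeroMem (&LocalAuthSession.hmac, sizeof (LocalAuthSession.hmac));` would match, here and at the `Done:` label in Tpm2CommandAllocPcr.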