DMTF/spdm-dump

Dynamic memory stored in 'm_requester_cert_chain_buffer' can be lost

Closed this issue · 0 comments

Zhiqiang520 commented

if add two duplicated parameters --req_cert_chain certchainSample_1.der --req_cert_chain certchainSample_2.der.

  1. first time, Dynamic memory stored in m_requester_cert_chain_buffer allocated through function read_input_file at line 606.

    spdm-dump/spdm_dump/spdm_dump.c

    Lines 604 to 608 in a4dc28d

    if (strcmp(argv[0], "--req_cert_chain") == 0) {
    if (argc >= 2) {
    res = read_input_file(
    argv[1], &m_requester_cert_chain_buffer,
    &m_requester_cert_chain_buffer_size);
  2. Continue loop iteration at Line 266, while argc>0 is true.

    spdm-dump/spdm_dump/spdm_dump.c

    Lines 266 to 267 in a4dc28d

    while (argc > 0) {
    if (strcmp(argv[0], "-r") == 0) {
  3. second time, Dynamic memory stored in m_requester_cert_chain_buffer allocated through function read_input_file at line 606,
    then the first time dynamic memory stored in m_requester_cert_chain_buffer is lost.

    spdm-dump/spdm_dump/spdm_dump.c

    Lines 604 to 608 in a4dc28d

    if (strcmp(argv[0], "--req_cert_chain") == 0) {
    if (argc >= 2) {
    res = read_input_file(
    argv[1], &m_requester_cert_chain_buffer,
    &m_requester_cert_chain_buffer_size);
  4. Maybe we should add the following code before Line 606.
    if (m_requester_cert_chain_buffer != NULL) {
        free(m_requester_cert_chain_buffer);
    }
  1. The similar case in --rsp_cert_chain side.

    spdm-dump/spdm_dump/spdm_dump.c

    Lines 630 to 634 in a4dc28d

    if (strcmp(argv[0], "--rsp_cert_chain") == 0) {
    if (argc >= 2) {
    res = read_input_file(
    argv[1], &m_responder_cert_chain_buffer,
    &m_responder_cert_chain_buffer_size);