diff --git a/src/nvidia/src/libraries/libspdm/2.3.1/include/internal/libspdm_common_lib.h b/src/nvidia/src/libraries/libspdm/2.3.1/include/internal/libspdm_common_lib.h index f33d91598..142798389 100644 --- a/src/nvidia/src/libraries/libspdm/2.3.1/include/internal/libspdm_common_lib.h +++ b/src/nvidia/src/libraries/libspdm/2.3.1/include/internal/libspdm_common_lib.h @@ -14,6 +14,8 @@ #include "library/spdm_device_secret_lib.h" #define INVALID_SESSION_ID 0 +#define LIBSPDM_MAX_CT_EXPONENT 31 +#define LIBSPDM_MAX_RDT_EXPONENT 31 typedef struct { uint8_t spdm_version_count; diff --git a/src/nvidia/src/libraries/libspdm/2.3.1/library/spdm_requester_lib/libspdm_req_get_capabilities.c b/src/nvidia/src/libraries/libspdm/2.3.1/library/spdm_requester_lib/libspdm_req_get_capabilities.c index a4722955d..11d5b0ee7 100644 --- a/src/nvidia/src/libraries/libspdm/2.3.1/library/spdm_requester_lib/libspdm_req_get_capabilities.c +++ b/src/nvidia/src/libraries/libspdm/2.3.1/library/spdm_requester_lib/libspdm_req_get_capabilities.c @@ -279,6 +279,11 @@ static libspdm_return_t libspdm_try_get_capabilities(libspdm_context_t *spdm_con } } + if (spdm_response->ct_exponent > LIBSPDM_MAX_CT_EXPONENT) { + status = LIBSPDM_STATUS_INVALID_MSG_FIELD; + goto receive_done; + } + /* -=[Process Response Phase]=- */ status = libspdm_append_message_a(spdm_context, spdm_request, spdm_request_size); if (LIBSPDM_STATUS_IS_ERROR(status)) { diff --git a/src/nvidia/src/libraries/libspdm/2.3.1/library/spdm_requester_lib/libspdm_req_handle_error_response.c b/src/nvidia/src/libraries/libspdm/2.3.1/library/spdm_requester_lib/libspdm_req_handle_error_response.c index 542b6884b..03503e8e7 100644 --- a/src/nvidia/src/libraries/libspdm/2.3.1/library/spdm_requester_lib/libspdm_req_handle_error_response.c +++ b/src/nvidia/src/libraries/libspdm/2.3.1/library/spdm_requester_lib/libspdm_req_handle_error_response.c @@ -167,13 +167,16 @@ static libspdm_return_t libspdm_handle_response_not_ready(libspdm_context_t *spd if (extend_error_data->request_code != original_request_code) { return LIBSPDM_STATUS_INVALID_MSG_FIELD; } + if (extend_error_data->rd_exponent > LIBSPDM_MAX_RDT_EXPONENT) { + return LIBSPDM_STATUS_INVALID_MSG_FIELD; + } spdm_context->error_data.rd_exponent = extend_error_data->rd_exponent; spdm_context->error_data.request_code = extend_error_data->request_code; spdm_context->error_data.token = extend_error_data->token; spdm_context->error_data.rd_tm = extend_error_data->rd_tm; - libspdm_sleep_in_us((2 << extend_error_data->rd_exponent)); + libspdm_sleep_in_us((uint64_t)1 << extend_error_data->rd_exponent); return libspdm_requester_respond_if_ready(spdm_context, session_id, response_size, response, expected_response_code, diff --git a/src/nvidia/src/libraries/libspdm/2.3.1/library/spdm_requester_lib/libspdm_req_send_receive.c b/src/nvidia/src/libraries/libspdm/2.3.1/library/spdm_requester_lib/libspdm_req_send_receive.c index 6272dff9b..2659ff50b 100644 --- a/src/nvidia/src/libraries/libspdm/2.3.1/library/spdm_requester_lib/libspdm_req_send_receive.c +++ b/src/nvidia/src/libraries/libspdm/2.3.1/library/spdm_requester_lib/libspdm_req_send_receive.c @@ -130,7 +130,7 @@ libspdm_return_t libspdm_receive_response(void *context, const uint32_t *session if (spdm_context->crypto_request) { timeout = spdm_context->local_context.capability.rtt + - ((uint64_t)2 << spdm_context->connection_info.capability.ct_exponent); + ((uint64_t)1 << spdm_context->connection_info.capability.ct_exponent); } else { timeout = spdm_context->local_context.capability.rtt + spdm_context->local_context.capability.st1;