SmmPasswordHandler does not clear password data (Bugzilla Bug 4706)

[tianocore-issues]

This issue was created automatically with bugzilla2github

Bugzilla Bug 4706

Date: 2024-02-23T13:07:10+00:00
From: @jkmathews
To: @nate-desimone
CC: @lgao4

Last updated: 2024-03-05T21:52:26+00:00

[tianocore-issues]

Comment 22642

Date: 2024-02-23 13:07:10 +0000
From: @jkmathews

• Industry Specification: ---
• Release Observed: edk2-stable202302
• Releases to Fix: EDK II Master
• Target OS: ---
• Bugzilla Assignee(s): @nate-desimone

It is recommended to clear/zero password data from memory before exiting from the function SmmPasswordHandler().

Issue #1:
In the case SMM_PASSWORD_FUNCTION_SET_PASSWORD, the new and old password are copied into a local variable SmmCommunicateSetPassword. When code reaches the end of case or hits a goto EXIT statement, the SmmCommunicateSetPassword variable is not zero'd.

edk2-platforms/Features/Intel/UserInterface/UserAuthFeaturePkg/UserAuthenticationDxeSmm/UserAuthenticationSmm.c

Line 484 in 7f42d40

case SMM_PASSWORD_FUNCTION_SET_PASSWORD:

Issue #2:
In the case SMM_PASSWORD_FUNCTION_VERIFY_PASSWORD, the password is copied into a local variable SmmCommunicateVerifyPassword. When code reaches the end of case or hits a goto EXIT statement, the SmmCommunicateVerifyPassword variable is not zero'd.

edk2-platforms/Features/Intel/UserInterface/UserAuthFeaturePkg/UserAuthenticationDxeSmm/UserAuthenticationSmm.c

Line 540 in 7f42d40

case SMM_PASSWORD_FUNCTION_VERIFY_PASSWORD:

[tianocore-issues]

Comment 22703

Date: 2024-03-05 21:52:26 +0000
From: @lgao4

[email protected]: please check it.