Description:
In the SPDM 1.4 responder flow, request opaque length is parsed and then validated mainly through packet-size/arithmetic consistency, but there is no explicit protocol max-bound check against SPDM_MAX_OPAQUE_DATA_SIZE before deeper processing.
Observed Behavior
SPDM 1.4 PSK_FINISH responder parses opaque length and relies on size-flow checks.
No direct reject path tied specifically to protocol maximum opaque length.
Similar explicit max-bound logic exists in other responder paths (for example CSR), but not here.
Expected Behavior
Responder should explicitly validate request opaque length against protocol maximum and reject oversized values with INVALID_REQUEST.
Impact
Protocol robustness/compliance gap in input validation strictness.
Behavior differs from stricter parsing patterns used in comparable flows.
Severity
Medium (functional/protocol validation completeness, non-security by itself).
Suggested Fix
Add explicit max-bound validation for PSK_FINISH request opaque length in SPDM 1.4 responder path and return SPDM_ERROR_CODE_INVALID_REQUEST when exceeded. Add UT for oversized opaque length.
Present in Release 3.8.2
Not in the same form (older flow layout differs and does not include current 1.4 opaque parsing path).
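The suggested fix as an added C sketch (not libspdm code and not part of the original report): an oversized opaque length that is still consistent with the packet size passes size-flow checks alone, and is rejected once the explicit bound is applied. The helper name, the `enforce_max` switch, the field layout (4-byte header followed by a 16-bit little-endian opaque length) and the two constant values are assumptions made for this illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Local stand-ins for this sketch (assumed values, not copied from project headers). */
#define SPDM_MAX_OPAQUE_DATA_SIZE 1024
#define SPDM_ERROR_CODE_INVALID_REQUEST 0x01
#define HDR_SIZE 4u        /* SPDM message header */
#define OPAQUE_LEN_SIZE 2u /* assumed 16-bit little-endian opaque length field */

/* Hypothetical helper. Returns 0 if the opaque field is acceptable, else the
 * SPDM error code. enforce_max = 0 reproduces size-flow-only validation. */
int check_psk_finish_opaque(const uint8_t *req, size_t req_size,
                            size_t hmac_size, int enforce_max,
                            uint16_t *opaque_len_out)
{
    if (req == NULL || req_size < HDR_SIZE + OPAQUE_LEN_SIZE)
        return SPDM_ERROR_CODE_INVALID_REQUEST;

    uint16_t opaque_len =
        (uint16_t)(req[HDR_SIZE] | ((uint16_t)req[HDR_SIZE + 1] << 8));

    /* Explicit protocol bound, applied before any size arithmetic. */
    if (enforce_max && opaque_len > SPDM_MAX_OPAQUE_DATA_SIZE)
        return SPDM_ERROR_CODE_INVALID_REQUEST;

    /* Size-flow check in subtraction form so it cannot wrap. */
    size_t remaining = req_size - HDR_SIZE - OPAQUE_LEN_SIZE;
    if (remaining < opaque_len || remaining - opaque_len < hmac_size)
        return SPDM_ERROR_CODE_INVALID_REQUEST;

    if (opaque_len_out != NULL)
        *opaque_len_out = opaque_len;
    return 0;
}

int main(void)
{
    /* Constructed request: zeroed header, opaque length 2000, 32-byte verify data. */
    static uint8_t req[4 + 2 + 2000 + 32];
    req[4] = 0xD0; req[5] = 0x07; /* 2000 = 0x07D0, little-endian */
    printf("size-flow only: 0x%02x\n",
           check_psk_finish_opaque(req, sizeof(req), 32, 0, NULL));
    printf("with max bound: 0x%02x\n",
           check_psk_finish_opaque(req, sizeof(req), 32, 1, NULL));
    return 0;
}
```

The same constructed cases (oversized but size-consistent, exactly at the maximum, and truncated) are the natural inputs for the unit test the report asks for.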