Description:
For SPDM 1.3+ capabilities extensions, parser derives effective size from block length but does not perform strict internal structural coherence validation (length/count/entry-layout boundaries) before transcript/copy usage.
Observed Behavior
Variable block length is consumed to derive effective response size.
No strict validator for full internal coherence across table count and entry sizing.
Acceptance path may proceed without full deep structural checks.
Expected Behavior
Requester should validate full structural coherence of the supported-algorithms variable block before accepting/copying/transcripting it.
Impact
Protocol strictness and parser hardening gap.
Increased tolerance of malformed-yet-size-consistent internal layouts.
Severity
Medium (protocol robustness/compliance issue, non-security by itself).
Suggested Fix
Add a dedicated strict validator for supported-algorithms block and reject malformed coherence cases with invalid message size/field. Add UT with inconsistent length/count/layout combinations.
Present in Release 3.8.2
Not in the same form (current SPDM 1.3 variable-block parsing path differs).
Description:
For SPDM 1.3+ capabilities extensions, parser derives effective size from block length but does not perform strict internal structural coherence validation (length/count/entry-layout boundaries) before transcript/copy usage.
Observed Behavior
Variable block length is consumed to derive effective response size.
No strict validator for full internal coherence across table count and entry sizing.
Acceptance path may proceed without full deep structural checks.
Expected Behavior
Requester should validate full structural coherence of the supported-algorithms variable block before accepting/copying/transcripting it.
Impact
Protocol strictness and parser hardening gap.
Increased tolerance of malformed-yet-size-consistent internal layouts.
Severity
Medium (protocol robustness/compliance issue, non-security by itself).
Suggested Fix
Add a dedicated strict validator for supported-algorithms block and reject malformed coherence cases with invalid message size/field. Add UT with inconsistent length/count/layout combinations.
Present in Release 3.8.2
Not in the same form (current SPDM 1.3 variable-block parsing path differs).