From c31313da22176002010abbcfcf5d5c5200d182ec Mon Sep 17 00:00:00 2001
From: Jiewen Yao
Date: Mar 11 2016 04:51:43 +0000
Subject: SecurityPkg: Clear LocalAuthSession content after use.

Some commands in DxeTcg2PhysicalPresenceLib accept AuthSession as input parameter and copy to local command buffer. After use, this AuthSession content should be zeroed, because there might be some secrete there.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: "Yao, Jiewen"
Reviewed-by: "Zhang, Chao B"
---
diff --git a/SecurityPkg/Library/DxeTcg2PhysicalPresenceLib/DxeTcg2PhysicalPresenceLib.c b/SecurityPkg/Library/DxeTcg2PhysicalPresenceLib/DxeTcg2PhysicalPresenceLib.c
index 8912ee4..e34fd8d 100644
--- a/SecurityPkg/Library/DxeTcg2PhysicalPresenceLib/DxeTcg2PhysicalPresenceLib.c
+++ b/SecurityPkg/Library/DxeTcg2PhysicalPresenceLib/DxeTcg2PhysicalPresenceLib.c
@@ -225,7 +225,7 @@ Tpm2CommandAllocPcr (
 );
 DEBUG ((EFI_D_INFO, "Tpm2PcrAllocate - %r\n", Status));
 if (EFI_ERROR (Status)) {
- return Status;
+ goto Done;
 }
 DEBUG ((EFI_D_INFO, "AllocationSuccess - %02x\n", AllocationSuccess));
@@ -233,7 +233,9 @@ Tpm2CommandAllocPcr (
 DEBUG ((EFI_D_INFO, "SizeNeeded - %08x\n", SizeNeeded));
 DEBUG ((EFI_D_INFO, "SizeAvailable - %08x\n", SizeAvailable));
- return EFI_SUCCESS;
+Done:
+ ZeroMem(&LocalAuthSession.hmac, sizeof(LocalAuthSession.hmac));
+ return Status;
 }
 /**
@@ -264,6 +266,8 @@ Tpm2CommandChangeEps (
 Status = Tpm2ChangeEPS (TPM_RH_PLATFORM, AuthSession);
 DEBUG ((EFI_D_INFO, "Tpm2ChangeEPS - %r\n", Status));
+
+ ZeroMem(&LocalAuthSession.hmac, sizeof(LocalAuthSession.hmac));
 return Status;
 }
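Review bot: The `ZeroMem` added at `Done:` in Tpm2CommandAllocPcr is the last write to a stack local before `return`, which is the kind of store an optimiser may drop as dead if it can see into the call (for example under link-time optimisation); the same applies to the call added in the Tpm2CommandChangeEps hunk. It is worth confirming in the generated code for each supported toolchain that the clear survives, and recording the intent above it with a comment such as `// Scrub the copied auth value from the stack; this store must not be optimised away.` Separately, the success path now returns `Status` where it used to return `EFI_SUCCESS`, so a non-error warning value from the call above would now reach the caller; if that is not intended, `Status = EFI_SUCCESS;` just before `Done:` keeps the old result. The function body starts outside the hunk.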
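Review bot: `ZeroMem(` and `sizeof(` in the added line have no space before the parenthesis, unlike the calls around them in this hunk (`Tpm2ChangeEPS (`, `DEBUG ((`); `ZeroMem (&LocalAuthSession.hmac, sizeof (LocalAuthSession.hmac));` would match, both here and at `Done:` in Tpm2CommandAllocPcr. The commit title says the LocalAuthSession content is cleared, while only `.hmac` is; if the other fields can never hold anything sensitive, a short comment saying so would settle it, otherwise `ZeroMem (&LocalAuthSession, sizeof (LocalAuthSession));` covers the whole structure. Tpm2CommandChangeEps begins outside the hunk, so how LocalAuthSession is filled is not visible here.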