[SPDM] Copilot scan risks

[liuw1]

Review Findings

• High / DoS risk (mod.rs – MigtdTransport::receive): The loop that fills the vmcall header/body never breaks if transport.read returns Ok(0) (peer closed/EOF). recvd stays constant so the while-loop spins forever, blocking the SPDM stack and preventing any error path from running. The transport should detect 0 bytes, return an error, and let the caller tear down the session instead of looping indefinitely.
• Medium / Framing integrity (mod.rs – same function): payload_size + VMCALL_SPDM_MESSAGE_HEADER_SIZE is computed directly, so on 32‑bit builds a crafted length close to u32::MAX wraps around and makes the check succeed even though the message doesn’t fit in the buffer. That allows the transport to accept a truncated packet while leaving the remainder on the wire, desynchronizing the stream (and potentially leading to panic on the next read). Use a checked add (or validate payload_size before the comparison) to prevent overflow-driven framing attacks.

[IntelCaisui]

For 1, The upper layer calls of MigtdTransport::receive are wrapped by with_timeout, and the loop will be terminated when timeout is reached.
But an existing problem is found because of same reason,
At send_policy,
The migtd is facing high risk of DOS attack which could make session hang forever and resource exhaustion. Will fix this.

For 2, no actual danger since Err return will always happen when u32 wrapping around happens. But I think it is an improvement to do receiving data check and avoid panic in debug build.