Check output of ecall_restore is outside enclave

PiperOrigin-RevId: 334265380
Change-Id: Ifbaead6bce56f01b2a4d69f53ca508d0138f6f61

asylo/platform/primitives/sgx/ecalls.cc

@@ -64,7 +64,9 @@ int ecall_restore(const char *input, uint64_t input_len, char **output,
   if (!asylo::primitives::TrustedPrimitives::IsOutsideEnclave(input,
                                                               input_len) ||
       !asylo::primitives::TrustedPrimitives::IsOutsideEnclave(
-          output_len, sizeof(uint64_t))) {
+          output_len, sizeof(uint64_t)) ||
+      !asylo::primitives::TrustedPrimitives::IsOutsideEnclave(output,
+                                                              *output_len)) {
     asylo::primitives::TrustedPrimitives::BestEffortAbort(
         "ecall_restore: input/output found to not be in untrusted memory.");
   }